[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 7b4fccc8a53b6befc9dc1aa4204a87cf5050747c (commit) via adc0910993d8eb2581442823c1f1bf2196aaecfa (commit) from aaf7185a85ead411208d0decb17e4f444dddff13 (commit) - Log - commit 7b4fccc8a53b6befc9dc1aa4204a87cf5050747c Author: Viktor Dukhovni Date: Mon Aug 30 15:09:43 2021 -0400 Test for DANE cross cert fix Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz commit adc0910993d8eb2581442823c1f1bf2196aaecfa Author: Viktor Dukhovni Date: Mon Aug 30 14:17:16 2021 -0400 Prioritise DANE TLSA issuer certs over peer certs When building the certificate chain, prioritise any Cert(0) Full(0) certificates from TLSA records over certificates received from the peer. This is important when the server sends a cross cert, but TLSA records include the underlying root CA cert. We want to construct a chain with the issuer from the TLSA record, which can then match the TLSA records (while the associated cross cert may not). Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz --- Summary of changes: crypto/x509/x509_vfy.c | 20 +--- test/certs/cross-key.pem | 28 ++ test/certs/cross-root.pem | 18 +++ test/certs/root-cross-cert.pem | 18 +++ test/certs/setup.sh| 3 ++ test/dane-cross.in | 113 + test/danetest.c| 2 +- test/recipes/80-test_dane.t| 6 ++- 8 files changed, 198 insertions(+), 10 deletions(-) create mode 100644 test/certs/cross-key.pem create mode 100644 test/certs/cross-root.pem create mode 100644 test/certs/root-cross-cert.pem create mode 100644 test/dane-cross.in diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 18c6172c98..0e5b18f67e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -3023,22 +3023,26 @@ static int build_chain(X509_STORE_CTX *ctx) may_trusted = 1; } -/* - * Shallow-copy the stack of untrusted certificates (with TLS, this is - * typically the content of the peer's certificate message) so can make - * multiple passes over it, while free to remove elements as we go. - */ -if ((sk_untrusted = sk_X509_dup(ctx->untrusted)) == NULL) +/* Initialize empty untrusted stack. */ +if ((sk_untrusted = sk_X509_new_null()) == NULL) goto memerr; /* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add - * them to our working copy of the untrusted certificate stack. + * If we got any "Cert(0) Full(0)" trust anchors from DNS, *prepend* them + * to our working copy of the untrusted certificate stack. */ if (DANETLS_ENABLED(dane) && dane->certs != NULL && !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT)) goto memerr; +/* + * Shallow-copy the stack of untrusted certificates (with TLS, this is + * typically the content of the peer's certificate message) so we can make + * multiple passes over it, while free to remove elements as we go. + */ +if (!X509_add_certs(sk_untrusted, ctx->untrusted, X509_ADD_FLAG_DEFAULT)) +goto memerr; + /* * Still absurdly large, but arithmetically safe, a lower hard upper bound * might be reasonable. diff --git a/test/certs/cross-key.pem b/test/certs/cross-key.pem new file mode 100644 index 00..93cd467ac7 --- /dev/null +++ b/test/certs/cross-key.pem 
@@ -0,0 +1,28 @@ +-BEGIN PRIVATE KEY- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCSkfwkYXTJFL4I +ICRQFXji6eX9I1NI97GBu2Yk8ejwctMttcJTlBLYpYRFQnZgsLwVEhA25KKlSNPz +PPrEVipT5Ll5J6uhWEBGLHETh8Qx4sI508B2zUP+2tnDapYtk5MNSVdQZXVt6wJu +sXY8vd58nHPLo4zr61MTwrj3Ld0lU18YHtxnGSMMYPPTxecE0mjYU038ELxZMdlT ++VSC0KOBJddj64+kXRdiDtQGVWE58MtX5/18LgSY3J/hvNhmcWuY611pgXcmwDPr +Sn1fDeRqG87Qs8KniS1dtWHDCVW/5KZOQeLcK6VTaEdnwdPYQ7BiJp4+3ypKmErd +T9TYBs8XAgMBAAECggEABIxdeGpm8DjGRgSQLjLg88CNPWG89sBrQk0SbvQ1HJfq +dJXRDxgMFtBsFTfX6kla3xfyHpQ/dY4qJZvmQNBXIQ/oiqumw9Ah153qlGJJmXdG +PEQDEz7+2lExawwmjgk6Uvs58LMHmCNUibUdzHgsdZcwudq8R6FWZ8lvIIo6GOJg +1gOoPbeAQtNAx8LPr+eDvpXoWJrCKJKuZCSRLV2CDmEH/+KH123cD4Lg+MsPNBJd +DsOitnVczlqnKDf5gSUXy3cwQlKFtOBa/0pN9wZvZDEWa30RmJmXI2bLo/h6GxGB +JXK57mTJG3UboWFIgNBU9IudPOdzDfJE1ul/Jon/AQKBgQC7/mmZg31a/8zlPLji +oWoEEutyNu0O28BCbBrw9t1SqtPFLm53AzIzB4RFVjn9i5dnxljh618KQiY4FbKM +mz1Yuzf7zCV7n8c1NakGwmW9Ezl8ZoLE44Nu7Pccukorl6uEY7kZa2vGa7krmIcI +6kFbvVbl4scbXlDL88hGHezhoQKBgQDHl3O8kOvOhIwfVH6qIjIO+0oR57Tqtwaw +A3oq6Ppdp65GK9G4f+/5L0z/Ay69MyauBLRA6+9LlW6SmAACSK69juvPMK6gd5uS +yWQ8imh6l304BAryjOHiNXHtpnmiaPAGNgFZKPsPbWlOo4ZexTEBq23i4JM1TUph +xpCmGY1ltwKBgEuYyPo0iAo55zkfq/Fmm2079nYdZEKfV7beJg9UFjgR/crDGyS8 +okkm8qe3PuaYZbATcNaYgcVsSFYxU3V7T7YIw0B8HW6T
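Review bot: in the build_chain() hunk, sk_untrusted now starts from sk_X509_new_null() and both X509_add_certs() calls pass X509_ADD_FLAG_DEFAULT, so the working stack still holds borrowed references (no up-ref, no duplicate check), exactly as the removed sk_X509_dup() did; the cleanup path is not in this hunk, so please confirm it still releases the stack with sk_X509_free() and not sk_X509_pop_free(), otherwise the DANE certificates and the peer chain would be freed twice. The replacement comment "Initialize empty untrusted stack." also drops the explanation the old comment carried; a sentence stating that the TLSA certificates must be added first so an issuer from DNS wins over a cross cert the peer sent (the rationale given in the commit message) would make the ordering requirement visible in the code itself.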
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 09126044f0120b0039b13365b30465d4b6d0f8f0 (commit) via 5d9be38211fdb8b6a1d4c9257715e8c28832a317 (commit) from 9e72d1a3145a0585b96fa9b4e9ab31ce35a43aba (commit) - Log - commit 09126044f0120b0039b13365b30465d4b6d0f8f0 Author: Viktor Dukhovni Date: Mon Aug 30 15:09:43 2021 -0400 Test for DANE cross cert fix Reviewed-by: Tomáš Mráz commit 5d9be38211fdb8b6a1d4c9257715e8c28832a317 Author: Viktor Dukhovni Date: Mon Aug 30 14:17:16 2021 -0400 Prioritise DANE TLSA issuer certs over peer certs When building the certificate chain, prioritise any Cert(0) Full(0) certificates from TLSA records over certificates received from the peer. This is important when the server sends a cross cert, but TLSA records include the underlying root CA cert. We want to construct a chain with the issuer from the TLSA record, which can then match the TLSA records (while the associated cross cert may not). Reviewed-by: Tomáš Mráz --- Summary of changes: crypto/x509/x509_vfy.c | 62 -- test/certs/cross-key.pem | 28 ++ test/certs/cross-root.pem | 18 +++ test/certs/root-cross-cert.pem | 18 +++ test/certs/setup.sh| 2 + test/dane-cross.in | 113 + test/danetest.c| 2 +- test/recipes/80-test_dane.t| 6 ++- 8 files changed, 221 insertions(+), 28 deletions(-) create mode 100644 test/certs/cross-key.pem create mode 100644 test/certs/cross-root.pem create mode 100644 test/certs/root-cross-cert.pem create mode 100644 test/dane-cross.in diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 20a36e763c..e404fcc602 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -2924,6 +2924,26 @@ static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) return ok; } +static int augment_stack(STACK_OF(X509) *src, STACK_OF(X509) **dstPtr) +{ +if (src) { +STACK_OF(X509) *dst; +int i; + +if (*dstPtr == NULL) +return ((*dstPtr = sk_X509_dup(src)) != NULL); + +for (dst = *dstPtr, i = 0; i < sk_X509_num(src); ++i) { +if (!sk_X509_push(dst, sk_X509_value(src, i))) { +sk_X509_free(dst); +*dstPtr = NULL; +return 0; +} +} +} +return 1; +} + static int build_chain(X509_STORE_CTX *ctx) { SSL_DANE *dane = ctx->dane; @@ -2967,18 +2987,7 @@ static int build_chain(X509_STORE_CTX *ctx) } /* - * Shallow-copy the stack of untrusted certificates (with TLS, this is - * typically the content of the peer's certificate message) so can make - * multiple passes over it, while free to remove elements as we go. - */ -if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { -X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -ctx->error = X509_V_ERR_OUT_OF_MEM; -return 0; -} - -/* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add + * If we got any "Cert(0) Full(0)" issuer certificates from DNS, *prepend* * them to our working copy of the untrusted certificate stack. Since the * caller of X509_STORE_CTX_init() may have provided only a leaf cert with * no corresponding stack of untrusted certificates, we may need to create 
@@ -2987,20 +2996,21 @@ static int build_chain(X509_STORE_CTX *ctx) * containing at least the leaf certificate, but we must be prepared for * this to change. ] */ -if (DANETLS_ENABLED(dane) && dane->certs != NULL) { -if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) { -X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -ctx->error = X509_V_ERR_OUT_OF_MEM; -return 0; -} -for (i = 0; i < sk_X509_num(dane->certs); ++i) { -if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) { -sk_X509_free(sktmp); -X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); -ctx->error = X509_V_ERR_OUT_OF_MEM; -return 0; -} -} +if (DANETLS_ENABLED(dane) && !augment_stack(dane->certs, )) { +X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); +ctx->error = X509_V_ERR_OUT_OF_MEM; +return 0; +} + +/* + * Shallow-copy the stack of untrusted certificates (with TLS, this is + * typically the content of the peer's certificate message) so can make + * multiple passes over it, while free to remove elements as we go. + */ +if (!a
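Review bot: augment_stack() frees *dstPtr and sets it to NULL when a push fails, which is correct for the two calls here (sktmp is owned by build_chain()) but deserves a comment, since a caller that passes a stack it does not own would lose it. The second argument of `augment_stack(dane->certs, )` is blank as rendered in this message, presumably an archive artifact (the function takes a STACK_OF(X509) ** and the surrounding code works on sktmp); check the real source rather than this copy. Style points: OpenSSL compares against NULL explicitly (`if (src != NULL)` rather than `if (src)`), and the re-added comment keeps the old wording "so can make multiple passes over it", which the openssl-3.0 version of this same patch corrected to "so we can make".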
[openssl] master update
The branch master has been updated via 305c77aa8211beefe9c4081a8ffea4280c9765fc (commit) via 661de442e4231a9b0411dc8562f9e465d1d7fabc (commit) from 505d44c623c2a883cf015f26a499842cea0161f0 (commit) - Log - commit 305c77aa8211beefe9c4081a8ffea4280c9765fc Author: Viktor Dukhovni Date: Mon Aug 30 15:09:43 2021 -0400 Test for DANE cross cert fix Reviewed-by: Tomáš Mráz commit 661de442e4231a9b0411dc8562f9e465d1d7fabc Author: Viktor Dukhovni Date: Mon Aug 30 14:17:16 2021 -0400 Prioritise DANE TLSA issuer certs over peer certs When building the certificate chain, prioritise any Cert(0) Full(0) certificates from TLSA records over certificates received from the peer. This is important when the server sends a cross cert, but TLSA records include the underlying root CA cert. We want to construct a chain with the issuer from the TLSA record, which can then match the TLSA records (while the associated cross cert may not). Reviewed-by: Tomáš Mráz --- Summary of changes: crypto/x509/x509_vfy.c | 20 +--- test/certs/cross-key.pem | 28 ++ test/certs/cross-root.pem | 18 +++ test/certs/root-cross-cert.pem | 18 +++ test/certs/setup.sh| 3 ++ test/dane-cross.in | 113 + test/danetest.c| 2 +- test/recipes/80-test_dane.t| 6 ++- 8 files changed, 198 insertions(+), 10 deletions(-) create mode 100644 test/certs/cross-key.pem create mode 100644 test/certs/cross-root.pem create mode 100644 test/certs/root-cross-cert.pem create mode 100644 test/dane-cross.in diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 18c6172c98..0e5b18f67e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -3023,22 +3023,26 @@ static int build_chain(X509_STORE_CTX *ctx) may_trusted = 1; } -/* - * Shallow-copy the stack of untrusted certificates (with TLS, this is - * typically the content of the peer's certificate message) so can make - * multiple passes over it, while free to remove elements as we go. - */ -if ((sk_untrusted = sk_X509_dup(ctx->untrusted)) == NULL) +/* Initialize empty untrusted stack. */ +if ((sk_untrusted = sk_X509_new_null()) == NULL) goto memerr; /* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add - * them to our working copy of the untrusted certificate stack. + * If we got any "Cert(0) Full(0)" trust anchors from DNS, *prepend* them + * to our working copy of the untrusted certificate stack. */ if (DANETLS_ENABLED(dane) && dane->certs != NULL && !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT)) goto memerr; +/* + * Shallow-copy the stack of untrusted certificates (with TLS, this is + * typically the content of the peer's certificate message) so we can make + * multiple passes over it, while free to remove elements as we go. + */ +if (!X509_add_certs(sk_untrusted, ctx->untrusted, X509_ADD_FLAG_DEFAULT)) +goto memerr; + /* * Still absurdly large, but arithmetically safe, a lower hard upper bound * might be reasonable. diff --git a/test/certs/cross-key.pem b/test/certs/cross-key.pem new file mode 100644 index 00..93cd467ac7 --- /dev/null +++ b/test/certs/cross-key.pem 
@@ -0,0 +1,28 @@ +-BEGIN PRIVATE KEY- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCSkfwkYXTJFL4I +ICRQFXji6eX9I1NI97GBu2Yk8ejwctMttcJTlBLYpYRFQnZgsLwVEhA25KKlSNPz +PPrEVipT5Ll5J6uhWEBGLHETh8Qx4sI508B2zUP+2tnDapYtk5MNSVdQZXVt6wJu +sXY8vd58nHPLo4zr61MTwrj3Ld0lU18YHtxnGSMMYPPTxecE0mjYU038ELxZMdlT ++VSC0KOBJddj64+kXRdiDtQGVWE58MtX5/18LgSY3J/hvNhmcWuY611pgXcmwDPr +Sn1fDeRqG87Qs8KniS1dtWHDCVW/5KZOQeLcK6VTaEdnwdPYQ7BiJp4+3ypKmErd +T9TYBs8XAgMBAAECggEABIxdeGpm8DjGRgSQLjLg88CNPWG89sBrQk0SbvQ1HJfq +dJXRDxgMFtBsFTfX6kla3xfyHpQ/dY4qJZvmQNBXIQ/oiqumw9Ah153qlGJJmXdG +PEQDEz7+2lExawwmjgk6Uvs58LMHmCNUibUdzHgsdZcwudq8R6FWZ8lvIIo6GOJg +1gOoPbeAQtNAx8LPr+eDvpXoWJrCKJKuZCSRLV2CDmEH/+KH123cD4Lg+MsPNBJd +DsOitnVczlqnKDf5gSUXy3cwQlKFtOBa/0pN9wZvZDEWa30RmJmXI2bLo/h6GxGB +JXK57mTJG3UboWFIgNBU9IudPOdzDfJE1ul/Jon/AQKBgQC7/mmZg31a/8zlPLji +oWoEEutyNu0O28BCbBrw9t1SqtPFLm53AzIzB4RFVjn9i5dnxljh618KQiY4FbKM +mz1Yuzf7zCV7n8c1NakGwmW9Ezl8ZoLE44Nu7Pccukorl6uEY7kZa2vGa7krmIcI +6kFbvVbl4scbXlDL88hGHezhoQKBgQDHl3O8kOvOhIwfVH6qIjIO+0oR57Tqtwaw +A3oq6Ppdp65GK9G4f+/5L0z/Ay69MyauBLRA6+9LlW6SmAACSK69juvPMK6gd5uS +yWQ8imh6l304BAryjOHiNXHtpnmiaPAGNgFZKPsPbWlOo4ZexTEBq23i4JM1TUph +xpCmGY1ltwKBgEuYyPo0iAo55zkfq/Fmm2079nYdZEKfV7beJg9UFjgR/crDGyS8 +okkm8qe3PuaYZbATcNaYgcVsSFYxU3V7T7YIw0B8HW6TF9Zr16aiMatQucMurdNi +8g1/OPfSadURzqUU
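Review bot: the second `X509_add_certs(sk_untrusted, ctx->untrusted, X509_ADD_FLAG_DEFAULT)` relies on X509_add_certs() tolerating a NULL source stack; the 1.1.1 version of this change guards that case explicitly (`if (ctx->untrusted && ...)` in the removed lines there), and the comment block just above this call says the caller of X509_STORE_CTX_init() may have provided only a leaf with no untrusted stack. Either add a one-line comment that X509_add_certs() accepts NULL, or guard the call, so the next reader does not have to go and check. Same remark as for the openssl-3.0 hunk: the comment "Initialize empty untrusted stack." should say why the DANE certificates go in first.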
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via c6c9f886ae118fffb0591ea0b5c3e4770b176552 (commit) from 335266fa793c105e5e38cbaf098542cc372cdc2e (commit) - Log - commit c6c9f886ae118fffb0591ea0b5c3e4770b176552 Author: Viktor Dukhovni Date: Thu Jul 16 23:30:43 2020 -0200 Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configuring DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell GH: #12507 --- Summary of changes: CHANGES | 15 +++ doc/man3/SSL_CONF_cmd.pod | 29 - doc/man5/config.pod | 15 +-- ssl/ssl_conf.c| 7 +++ ssl/statem/statem_lib.c | 34 +++--- 5 files changed, 70 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index ae0d232526..ee5403dffc 100644 --- a/CHANGES +++ b/CHANGES
@@ -9,6 +9,21 @@ Changes between 1.1.1g and 1.1.1h [xx XXX ] + *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently + ignore TLS protocol version bounds when configuring DTLS-based contexts, and + conversely, silently ignore DTLS protocol version bounds when configuring + TLS-based contexts. The commands can be repeated to set bounds of both + types. The same applies with the corresponding "min_protocol" and + "max_protocol" command-line switches, in case some application uses both TLS + and DTLS. + + SSL_CTX instances that are created for a fixed protocol version (e.g. + TLSv1_server_method()) also silently ignore version bounds. Previously + attempts to apply bounds to these protocol versions would result in an + error. Now only the "version-flexible" SSL_CTX instances are subject to + limits in configuration files in command-line options. + [Viktor Dukhovni] + *) Handshake now fails if Extended Master Secret extension is dropped on renegotiation. [Tomas Mraz] diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 7f2449e379..c5fed8e1e0 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod 
@@ -147,13 +147,16 @@ B. =item B<-min_protocol>, B<-max_protocol> Sets the minimum and maximum supported protocol. -Currently supported protocol values are B, B, -B, B, B for TLS and B, B for DTLS, -and B for no limit. -If either bound is not specified then only the other bound applies, -if specified. -To restrict the supported protocol versions use these commands rather -than the deprecated alternative commands below. +Currently supported protocol values are B, B, B, +B, B for TLS; B, B for DTLS, and B +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both TLS and DTLS you can specify any of these +options twice, once with a bound for TLS and again with an appropriate bound +for DTLS. +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> @@ -370,7 +373,11 @@ This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B @@ -378,7 +385,11 @@ This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
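Review bot: in the CHANGES hunk, "subject to limits in configuration files in command-line options" reads as a slip for "in configuration files and command-line options"; the same phrase is in the commit message. In the SSL_CONF_cmd.pod hunk, the new text explains the TLS/DTLS split, but none of the visible documentation changes mentions the second behaviour CHANGES announces, that fixed-version SSL_CTX instances (the TLSv1_server_method() case) now also ignore bounds silently; a sentence in the MinProtocol and MaxProtocol entries would save an operator from wondering why a configured bound has no effect on such a context.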
[openssl] master update
The branch master has been updated via 77174598920a05826a28d8a0bd87a3af43d3f4d8 (commit) from 5ac582d949c4f0dbf919c99d59496035a1f7e982 (commit) - Log - commit 77174598920a05826a28d8a0bd87a3af43d3f4d8 Author: Viktor Dukhovni Date: Thu Jul 16 23:30:43 2020 -0200 Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configuring DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale GH: #12472 --- Summary of changes: CHANGES.md| 16 doc/man3/SSL_CONF_cmd.pod | 29 + doc/man5/config.pod | 7 ++- ssl/ssl_conf.c| 7 +++ ssl/statem/statem_lib.c | 34 +++--- 5 files changed, 69 insertions(+), 24 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5ff188c18c..14694739ae 100644 --- a/CHANGES.md +++ b/CHANGES.md
@@ -23,6 +23,22 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX ] + * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently + ignore TLS protocol version bounds when configuring DTLS-based contexts, and + conversely, silently ignore DTLS protocol version bounds when configuring + TLS-based contexts. The commands can be repeated to set bounds of both + types. The same applies with the corresponding "min_protocol" and + "max_protocol" command-line switches, in case some application uses both TLS + and DTLS. + + SSL_CTX instances that are created for a fixed protocol version (e.g. + TLSv1_server_method()) also silently ignore version bounds. Previously + attempts to apply bounds to these protocol versions would result in an + error. Now only the "version-flexible" SSL_CTX instances are subject to + limits in configuration files in command-line options. + + *Viktor Dukhovni* + * Deprecated the `ENGINE` API. Engines should be replaced with providers going forward. diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 753d6778df..97ebff047f 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod 
@@ -178,12 +178,17 @@ See L for more information. =item B<-min_protocol> I, B<-max_protocol> I -Sets the minimum and maximum supported protocol. Currently supported -protocol values are B, B, B, B, B -for TLS and B, B for DTLS, and B for no limit. -If either bound is not specified then only the other bound applies, -if specified. To restrict the supported protocol versions use these -commands rather than the deprecated alternative commands below. +Sets the minimum and maximum supported protocol. +Currently supported protocol values are B, B, B, +B, B for TLS; B, B for DTLS, and B +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both TLS and DTLS you can specify any of these +options twice, once with a bound for TLS and again with an appropriate bound +for DTLS. +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. =item B<-record_padding> I @@ -389,7 +394,11 @@ This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B @@ -397,7 +406,11 @@ This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repea
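Review bot: the new SSL_CONF_cmd.pod text says "The command can be repeated with one instance setting a TLS bound, and the other setting a DTLS bound", but says nothing about the case where it is repeated with two bounds of the same type (two TLS MinProtocol lines, say); a reader could assume both are honoured. State which value applies in the MinProtocol and MaxProtocol entries. The ssl_conf.c and statem_lib.c hunks that implement the rule are not included in this message, so the behavioural statements in CHANGES.md cannot be checked against code here.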
[openssl] master update
The branch master has been updated via 7c43eb5dcf5cb098b9e2c2c58b000353af51efa2 (commit) from 1b0d1bf7f177f1a0c979af8e4abbd6ed45d464d7 (commit) - Log - commit 7c43eb5dcf5cb098b9e2c2c58b000353af51efa2 Author: Dmitry Belyavskiy Date: Sun Oct 6 22:25:10 2019 +0300 Strip BOM on loading PEM files Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni --- Summary of changes: crypto/pem/pem_lib.c | 19 --- test/recipes/04-test_pem.t| 1 + .../{cert-blankline.pem => cert-bom.pem} | 3 +-- 3 files changed, 18 insertions(+), 5 deletions(-) copy test/recipes/04-test_pem_data/{cert-blankline.pem => cert-bom.pem} (98%) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index eb07c884e7..020a030334 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -680,9 +680,20 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, #endif /* Some helpers for PEM_read_bio_ex(). */ -static int sanitize_line(char *linebuf, int len, unsigned int flags) +static int sanitize_line(char *linebuf, int len, unsigned int flags, int first_call) { int i; +if (first_call) { +/* Other BOMs imply unsupported multibyte encoding, + * so don't strip them and let the error raise */ +const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF}; + +if (len > 3 && memcmp(linebuf, utf8_bom, 3) == 0) { +memmove(linebuf, linebuf + 3, len - 3); +linebuf[len - 3] = 0; +len -= 3; +} +} if (flags & PEM_FLAG_EAY_COMPATIBLE) { /* Strip trailing whitespace */ @@ -727,6 +738,7 @@ static int get_name(BIO *bp, char **name, unsigned int flags) char *linebuf; int ret = 0; int len; +int first_call = 1; /* * Need to hold trailing NUL (accounted for by BIO_gets() and the newline 
@@ -747,7 +759,8 @@ static int get_name(BIO *bp, char **name, unsigned int flags) } /* Strip trailing garbage and standardize ending. */ -len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64); +len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64, first_call); +first_call = 0; /* Allow leading empty or non-matching lines. */ } while (strncmp(linebuf, beginstr, BEGINLEN) != 0 @@ -819,7 +832,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, } if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER) flags_mask &= ~PEM_FLAG_ONLY_B64; -len = sanitize_line(linebuf, len, flags & flags_mask); +len = sanitize_line(linebuf, len, flags & flags_mask, 0); /* Check for end of header. */ if (linebuf[0] == '\n') { diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t index b8f4d722a0..0e6e419519 100644 --- a/test/recipes/04-test_pem.t +++ b/test/recipes/04-test_pem.t @@ -32,6 +32,7 @@ my %cert_expected = ( "cert-256line.pem" => 1, "cert-257line.pem" => 1, "cert-blankline.pem" => 0, +"cert-bom.pem" => 1, "cert-comment.pem" => 0, "cert-earlypad.pem" => 0, "cert-extrapad.pem" => 0, diff --git a/test/recipes/04-test_pem_data/cert-blankline.pem b/test/recipes/04-test_pem_data/cert-bom.pem similarity index 98% copy from test/recipes/04-test_pem_data/cert-blankline.pem copy to test/recipes/04-test_pem_data/cert-bom.pem index 3f252886f6..91fbaf4024 100644 --- a/test/recipes/04-test_pem_data/cert-blankline.pem +++ b/test/recipes/04-test_pem_data/cert-bom.pem @@ -1,4 +1,4 @@ --BEGIN CERTIFICATE- +-BEGIN CERTIFICATE- MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G 
@@ -10,7 +10,6 @@ MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg - U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
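Review bot: `first_call` is local to each get_name() call, not to the BIO, so the BOM strip in sanitize_line() fires on the first line read for every PEM object, including the second and later objects of a concatenated bundle read from the same BIO; if that leniency is intended, say so in the comment, otherwise the flag belongs with the BIO-level read state. Two smaller points on the same hunk: `len > 3` means a line consisting of exactly the three BOM bytes is not stripped (harmless, since a line normally carries its newline, but `>=` reads as the intent), and the new comment should use the block style of the surrounding code, with `/*` on its own line. The added cert-bom.pem case covers only a BOM before the BEGIN line of a single certificate.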
[openssl] master update
The branch master has been updated via e78253f2d0c1a9fe6b023d867ee02342b4560150 (commit) from 5b084ca0492cee7aeca63e0a50dbff7487e3ee41 (commit) - Log - commit e78253f2d0c1a9fe6b023d867ee02342b4560150 Author: Viktor Dukhovni Date: Fri Oct 11 17:52:19 2019 -0400 Ignore empty ALPN elements in CLI args Reviewed-by: Matt Caswell --- Summary of changes: apps/lib/apps.c | 30 +- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 65bd5a4070..73483d99f4 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1809,26 +1809,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) size_t len; unsigned char *out; size_t i, start = 0; +size_t skipped = 0; len = strlen(in); -if (len >= 65535) +if (len == 0 || len >= 65535) return NULL; -out = app_malloc(strlen(in) + 1, "NPN buffer"); +out = app_malloc(len + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { +/* + * Zero-length ALPN elements are invalid on the wire, we could be + * strict and reject the entire string, but just ignoring extra + * commas seems harmless and more friendly. + * + * Every comma we skip in this way puts the input buffer another + * byte ahead of the output buffer, so all stores into the output + * buffer need to be decremented by the number commas skipped. + */ +if (i == start) { +++start; +++skipped; +continue; +} if (i - start > 255) { OPENSSL_free(out); return NULL; } -out[start] = (unsigned char)(i - start); +out[start-skipped] = (unsigned char)(i - start); start = i + 1; } else { -out[i + 1] = in[i]; +out[i + 1 - skipped] = in[i]; } } -*outlen = len + 1; +if (len <= skipped) { +OPENSSL_free(out); +return NULL; +} + +*outlen = len + 1 - skipped; return out; }
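Review bot: the index arithmetic in next_protos_parse() checks out (for ",a,,b," the output is "\x01a\x01b" with *outlen 4, and ",," is rejected by the final `len <= skipped` test), but `out[start-skipped]` needs spaces around the operator per OpenSSL style, and the comment's "decremented by the number commas skipped" is missing "of". The `len <= skipped` check is the only thing that rejects an all-comma string; a short comment there saying this is the "every element was empty" case would keep a future reader from mistaking it for dead code.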
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via bc458b0dd00acf8114dee7e4ac6423288a570697 (commit) from 4a8392e20353fcd2b69bf4df7bf4d4edcb14605f (commit) - Log - commit bc458b0dd00acf8114dee7e4ac6423288a570697 Author: Viktor Dukhovni Date: Fri Oct 11 17:52:19 2019 -0400 Ignore empty ALPN elements in CLI args Reviewed-by: Matt Caswell --- Summary of changes: apps/apps.c | 30 +- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 7177c5d982..c06241abb9 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) size_t len; unsigned char *out; size_t i, start = 0; +size_t skipped = 0; len = strlen(in); -if (len >= 65535) +if (len == 0 || len >= 65535) return NULL; -out = app_malloc(strlen(in) + 1, "NPN buffer"); +out = app_malloc(len + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { +/* + * Zero-length ALPN elements are invalid on the wire, we could be + * strict and reject the entire string, but just ignoring extra + * commas seems harmless and more friendly. + * + * Every comma we skip in this way puts the input buffer another + * byte ahead of the output buffer, so all stores into the output + * buffer need to be decremented by the number commas skipped. + */ +if (i == start) { +++start; +++skipped; +continue; +} if (i - start > 255) { OPENSSL_free(out); return NULL; } -out[start] = (unsigned char)(i - start); +out[start-skipped] = (unsigned char)(i - start); start = i + 1; } else { -out[i + 1] = in[i]; +out[i + 1 - skipped] = in[i]; } } -*outlen = len + 1; +if (len <= skipped) { +OPENSSL_free(out); +return NULL; +} + +*outlen = len + 1 - skipped; return out; }
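Review bot: the new `len == 0` rejection changes behaviour for an explicitly empty protocol list: the old code returned a one-byte buffer holding a single zero-length element (invalid on the wire, as the new comment notes), the new code returns NULL, which callers treat as a parse error. That is the right outcome, but it is a user-visible change for anyone passing an empty -alpn argument and should be mentioned in the commit message. The buffer sizing is fine: out has len + 1 bytes and every store is at i + 1 - skipped or start - skipped, both at most len.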
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 2b7efbd03295f8a345b63acd212e22cb5a3d19df (commit) from cf8b3732484a7a087c1e004551e3f8c51203c69d (commit) - Log - commit 2b7efbd03295f8a345b63acd212e22cb5a3d19df Author: Viktor Dukhovni Date: Mon Jul 15 13:12:04 2019 -0400 Actually silently ignore GET / OCSP requests Reviewed-by: Matt Caswell --- Summary of changes: apps/ocsp.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 066a2e4..5d23918 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ -if (p[1] == '\0') +if (p[0] == '\0') goto out; len = urldecode(p);
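Review bot: the off-by-one this fixes (p[1] versus p[0], with p already advanced past the leading slash) survived because nothing exercises the responder's GET handling; the Summary of changes lists only apps/ocsp.c. Consider adding a recipe under test/recipes that starts `openssl ocsp -port` as a responder, sends it "GET / HTTP/1.0" and checks that the request is ignored without an error, so the condition cannot drift back to the old form.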
[openssl] master update
The branch master has been updated via 5fe499cb75469fbda08d96facd13d14a402a6d44 (commit) from 12df11bdf11fb6a3410483b0097f032e329b4623 (commit) - Log - commit 5fe499cb75469fbda08d96facd13d14a402a6d44 Author: Viktor Dukhovni Date: Mon Jul 15 13:12:04 2019 -0400 Actually silently ignore GET / OCSP requests Reviewed-by: Matt Caswell --- Summary of changes: apps/ocsp.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 9f2cf45..71c6a56 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1436,9 +1436,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ -if (p[1] == '\0') +if (p[0] == '\0') goto out; len = urldecode(p);
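Review bot: with p pointing just past the slash, `p[0] == '\0'` skips only a request whose path is exactly "/"; any other probe path ("/healthz", "/?probe") still reaches urldecode() and is processed as an OCSP request, which will fail as malformed. If the goal is to stay quiet for load-balancer health checks in general, the comment should state the exact-"/" limitation explicitly so operators know what their probes must send.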
[openssl-commits] [openssl] master update
The branch master has been updated via df1f538f28c10f2954757164b17781040d2355ef (commit) via b2f16a2271c40faed168c8bd89b562919a18cb3f (commit) from 9effc496ad8a9b0ec737c69cc0fddf610a045ea4 (commit) - Log - commit df1f538f28c10f2954757164b17781040d2355ef Author: Viktor Dukhovni Date: Tue Jan 1 02:53:24 2019 -0500 More configurable crypto and ssl library initialization 1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file(). 2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused). 3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG. 4. Don't set up atexit() handlers when called with INIT_BASE_ONLY. Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7986) commit b2f16a2271c40faed168c8bd89b562919a18cb3f Author: Viktor Dukhovni Date: Tue Jan 1 19:19:43 2019 -0500 Update generator copyright year. Some Travis builds appear to fail because generated objects get 2019 copyrights now, and the diff complains. 
Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7986) --- Summary of changes: crypto/asn1/charmap.pl | 2 +- crypto/bn/bn_prime.pl | 2 +- crypto/conf/conf_lib.c | 26 + crypto/conf/conf_mod.c | 3 +++ crypto/conf/conf_sap.c | 23 +- crypto/conf/keysets.pl | 2 +- crypto/err/err.c| 12 crypto/init.c | 38 + crypto/objects/obj_dat.pl | 2 +- crypto/objects/objects.pl | 2 +- crypto/objects/objxref.pl | 2 +- doc/man3/CONF_modules_load_file.pod | 10 +- doc/man3/OPENSSL_init_crypto.pod| 37 +--- include/internal/conf.h | 9 - include/openssl/crypto.h| 6 +- ssl/ssl_init.c | 13 +++-- util/libcrypto.num | 2 ++ 17 files changed, 148 insertions(+), 43 deletions(-) diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl index 20f05fc..d29a21b 100644 --- a/crypto/asn1/charmap.pl +++ b/crypto/asn1/charmap.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index fb54810..76df3fc 100644 --- a/crypto/bn/bn_prime.pl +++ b/crypto/bn/bn_prime.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 860ac67..606563a 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c 
@@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void) if (ret != NULL) memset(ret, 0, sizeof(*ret)); +ret->flags = DEFAULT_CONF_MFLAGS; + return ret; } #ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *filename) +{ +char *newfilename = NULL; + +if (filename != NULL) { +newfilename = strdup(filename); +if (newfilename == NULL) +return 0; +} + +free(settings->filename); +settings->filename = newfilename; + +return 1; +} + +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, +unsigned long flags) +{ +settings->flags = flags; +} + int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, const char *appname) { @@ -383,6 +408,7 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_I
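Review bot: in the OPENSSL_INIT_new() hunk the added `+ret->flags = DEFAULT_CONF_MFLAGS;` follows the single-statement `if (ret != NULL) memset(ret, 0, sizeof(*ret));` but is outside its guard, so a failed allocation dereferences NULL before `return ret;`; either return early when `ret == NULL` or put the assignment inside a braced block with the memset. The new OPENSSL_INIT_set_config_filename() and OPENSSL_INIT_set_config_file_flags() setters carry no comments in this hunk; the summary lists a 37-line change to doc/man3/OPENSSL_init_crypto.pod, so please confirm it documents both setters, that a NULL filename restores the default (the `if (filename != NULL)` branch), and which CONF_MFLAGS values the flags argument takes.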
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 25eb9299cec4404a4cdf3167056bd147af2582f3 (commit) via 1bfd76b3afa0abc275e9a60ee0ea7b22c4fb842a (commit) from d3b574fee1c4ad887a219fadb1674349ae0ce4b7 (commit) - Log - commit 25eb9299cec4404a4cdf3167056bd147af2582f3 Author: Viktor Dukhovni Date: Tue Jan 1 02:53:24 2019 -0500 More configurable crypto and ssl library initialization 1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file(). 2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused). 3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG. 4. Don't set up atexit() handlers when called with opts equal to OPENSSL_INIT_BASE_ONLY (this flag should only be used alone). Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7969) commit 1bfd76b3afa0abc275e9a60ee0ea7b22c4fb842a Author: Viktor Dukhovni Date: Tue Jan 1 19:19:43 2019 -0500 Update generator copyright year. Some Travis builds appear to fail because generated objects get 2019 copyrights now, and the diff complains. 
Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7969) --- Summary of changes: crypto/asn1/charmap.pl | 2 +- crypto/bn/bn_prime.pl | 2 +- crypto/conf/conf_lib.c | 26 ++ crypto/conf/conf_mod.c | 3 +++ crypto/conf/conf_sap.c | 23 ++- crypto/conf/keysets.pl | 2 +- crypto/err/err.c| 12 crypto/init.c | 37 + crypto/objects/obj_dat.pl | 2 +- crypto/objects/objects.pl | 2 +- crypto/objects/objxref.pl | 2 +- doc/man3/CONF_modules_load_file.pod | 10 +- doc/man3/OPENSSL_init_crypto.pod| 37 ++--- include/internal/conf.h | 9 - include/openssl/crypto.h| 6 +- ssl/ssl_init.c | 11 ++- util/libcrypto.num | 2 ++ 17 files changed, 146 insertions(+), 42 deletions(-) diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl index fbab1f3..dadd8df 100644 --- a/crypto/asn1/charmap.pl +++ b/crypto/asn1/charmap.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index eeca475..b0b1608 100644 --- a/crypto/bn/bn_prime.pl +++ b/crypto/bn/bn_prime.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 07110d8..4ae7bd2 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c 
@@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void) if (ret != NULL) memset(ret, 0, sizeof(*ret)); +ret->flags = DEFAULT_CONF_MFLAGS; + return ret; } #ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *filename) +{ +char *newfilename = NULL; + +if (filename != NULL) { +newfilename = strdup(filename); +if (newfilename == NULL) +return 0; +} + +free(settings->filename); +settings->filename = newfilename; + +return 1; +} + +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, +unsigned long flags) +{ +settings->flags = flags; +} + int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, const char *app
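Review bot: same defect as in the master version of this change: `+ret->flags = DEFAULT_CONF_MFLAGS;` is placed after the unbraced `if (ret != NULL) memset(ret, 0, sizeof(*ret));`, so when malloc fails OPENSSL_INIT_new() writes through a NULL pointer before `return ret;`. Return early on NULL or brace the guarded block so the assignment is covered by it; the 1.1.1 backport should not ship with the dereference either.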
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via ea7d2c5808f4711edfdd25a7a4e2e39f8ee3de62 (commit) from bb157fd142ab3eced6051a32d8207de8a79c2fbe (commit) - Log - commit ea7d2c5808f4711edfdd25a7a4e2e39f8ee3de62 Author: Ken Goldman Date: Fri Dec 14 15:04:04 2018 -0500 Admit unknown pkey types at security level 0 The check_key_level() function currently fails when the public key cannot be extracted from the certificate because its algorithm is not supported. However, the public key is not needed for the last certificate in the chain. This change moves the check for level 0 before the check for a non-NULL public key. For background, this is the TPM 1.2 endorsement key certificate. I.e., this is a real application with millions of certificates issued. The key is an RSA-2048 key. The TCG (for a while) specified Public Key Algorithm: rsaesOaep rather than the commonly used Public Key Algorithm: rsaEncryption because the key is an encryption key rather than a signing key. The X509 certificate parser fails to get the public key. Reviewed-by: Viktor Dukhovni Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7906) --- Summary of changes: crypto/x509/x509_vfy.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 61e8192..4ced716 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) EVP_PKEY *pkey = X509_get0_pubkey(cert); int level = ctx->param->auth_level; +/* + * At security level zero, return without checking for a supported public + * key type. Some engines support key types not understood outside the + * engine, and we only need to understand the key when enforcing a security + * floor. + */ +if (level <= 0) +return 1; + /* Unsupported or malformed keys are not secure */ if (pkey == NULL) return 0; -if (level <= 0) -return 1; if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
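Review bot: moving `if (level <= 0) return 1;` ahead of the `pkey == NULL` test changes behaviour for every certificate check_key_level() is called on, not only the last one in the chain, so the commit message's "not needed for the last certificate" rationale is narrower than the code; the new comment should state that at security level 0 a certificate whose public key cannot be decoded is admitted at any depth, and the retained `/* Unsupported or malformed keys are not secure */` comment should be qualified with "at level 1 and above". Since the summary shows only crypto/x509/x509_vfy.c changing, a test with an rsaesOaep-keyed end-entity certificate (the TPM 1.2 case described) verifying at level 0 and being rejected at level 1 would document the intended boundary.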
[openssl-commits] [openssl] master update
The branch master has been updated via baba1545105131fa34068f62928322e99d695ab1 (commit) from 6f8b858d054c4eb1112531e39da9ceb5fa37e5f1 (commit) - Log - commit baba1545105131fa34068f62928322e99d695ab1 Author: Ken Goldman Date: Fri Dec 14 15:04:04 2018 -0500 Admit unknown pkey types at security level 0 The check_key_level() function currently fails when the public key cannot be extracted from the certificate because its algorithm is not supported. However, the public key is not needed for the last certificate in the chain. This change moves the check for level 0 before the check for a non-NULL public key. For background, this is the TPM 1.2 endorsement key certificate. I.e., this is a real application with millions of certificates issued. The key is an RSA-2048 key. The TCG (for a while) specified Public Key Algorithm: rsaesOaep rather than the commonly used Public Key Algorithm: rsaEncryption because the key is an encryption key rather than a signing key. The X509 certificate parser fails to get the public key. Reviewed-by: Viktor Dukhovni Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7906) --- Summary of changes: crypto/x509/x509_vfy.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 95a95c6..bbf61d4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) EVP_PKEY *pkey = X509_get0_pubkey(cert); int level = ctx->param->auth_level; +/* + * At security level zero, return without checking for a supported public + * key type. Some engines support key types not understood outside the + * engine, and we only need to understand the key when enforcing a security + * floor. + */ +if (level <= 0) +return 1; + /* Unsupported or malformed keys are not secure */ if (pkey == NULL) return 0; -if (level <= 0) -return 1; if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS;
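Review bot: as with the 1.1.1 backport, the early return on `level <= 0` now precedes the `pkey == NULL` check for every certificate in the chain, so the hunk's comment should say explicitly that an undecodable public key is admitted at any depth at level 0, and the `/* Unsupported or malformed keys are not secure */` comment that now only governs level 1 and above should say so; a level-0 versus level-1 test for the rsaesOaep case would make the boundary visible, since only crypto/x509/x509_vfy.c changes here.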
[openssl-commits] [openssl] master update
The branch master has been updated via 1057c2c39f5df45c36c0fc4d78dc9d3b91f78bc6 (commit) via 9b340281873643d2b8a33047dc8bfa607f7e0c3c (commit) via 73ff6d6847b1bbabe4ae052a3bde1f37c78aecb4 (commit) via ec91206fbe5e14731f9c9fa0b3dd859854d3e8b9 (commit) via 5db120dc351177173bb25e963be095404c31fbce (commit) via bda1f0c0d6987232f1f8ca2a72755ac62a99fc4c (commit) via d8adf68cd6b7c934f12e7db14ddfc33b8cdd5797 (commit) via 8343229bc4b8ac04e3a15d0645c453da84cab8d8 (commit) via 82f518acee36754cb6f64d39ba926b32daae2534 (commit) via 706a8af01556334dd250b6d252536e78fa8f9063 (commit) via 15f77f2cae7f845811fbeabafe620a3b1d6315d8 (commit) via 4b6ae3c3c2ce37a766049491af8e8b2426b1a46f (commit) via f53537b1fabdb38baf43e930b9c546ffb50a86cf (commit) from 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4 (commit) - Log - commit 1057c2c39f5df45c36c0fc4d78dc9d3b91f78bc6 Author: Viktor Dukhovni Date: Sun Dec 9 18:37:56 2018 -0500 Cleaner disposal of ephemeral engine ids and names Engine names and ids are typically static strings. If an application actually dynamically allocated these, the application owns the storage, and should dispose of it via the original handle, rather than the "const char *" returned by the engine. In any case, this resolves the test code issue without resort to "unconst" macros/casts. Reviewed-by: Richard Levitte commit 9b340281873643d2b8a33047dc8bfa607f7e0c3c Author: Viktor Dukhovni Date: Sun Dec 9 18:37:26 2018 -0500 Eliminate NOP cast Reviewed-by: Richard Levitte commit 73ff6d6847b1bbabe4ae052a3bde1f37c78aecb4 Author: Christos Zoulas Date: Mon Oct 1 19:09:16 2018 -0400 change into hex string constants to avoid overflow warnings Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit ec91206fbe5e14731f9c9fa0b3dd859854d3e8b9 Author: Christos Zoulas Date: Sun Sep 30 17:16:07 2018 -0400 Add a format attribute to the format functions and fix the broken format strings. 
Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit 5db120dc351177173bb25e963be095404c31fbce Author: Christos Zoulas Date: Sun Sep 30 16:59:46 2018 -0400 Fix const issues Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit bda1f0c0d6987232f1f8ca2a72755ac62a99fc4c Author: Christos Zoulas Date: Sun Sep 30 16:57:56 2018 -0400 Avoid const castaway warning Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit d8adf68cd6b7c934f12e7db14ddfc33b8cdd5797 Author: Christos Zoulas Date: Sun Sep 30 16:57:14 2018 -0400 Use a const variable Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit 8343229bc4b8ac04e3a15d0645c453da84cab8d8 Author: Christos Zoulas Date: Sun Sep 30 16:56:49 2018 -0400 Use the proper const cast Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit 82f518acee36754cb6f64d39ba926b32daae2534 Author: Christos Zoulas Date: Sun Sep 30 16:56:14 2018 -0400 don't pass const string where a modifiable string is expected Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit 706a8af01556334dd250b6d252536e78fa8f9063 Author: Christos Zoulas Date: Sun Sep 30 16:55:05 2018 -0400 add missing "void" in prototype.
Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit 15f77f2cae7f845811fbeabafe620a3b1d6315d8 Author: Christos Zoulas Date: Sun Sep 30 16:54:25 2018 -0400 add missing const in cast Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit 4b6ae3c3c2ce37a766049491af8e8b2426b1a46f Author: Christos Zoulas Date: Sun Sep 30 16:53:22 2018 -0400 add missing const Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni commit f53537b1fabdb38baf43e930b9c546ffb50a86cf Author: Christos Zoulas Date: Sun Sep 30 16:52:44 2018 -0400 use the proper types to eliminate casts Reviewed-by: Richard Levitte Reviewed-by: Viktor Dukhovni --- Summary of changes: test/destest.c| 2 +- test/enginetest.c | 15 +++--- test/hmactest.c | 46 --- test/ideatest.c | 4 ++-- test/testutil/driver.c| 2 +- test/testutil/format_output.c | 23 +++--- test/testutil/main.c | 2 +- test/testutil/output.h| 34 +++- test/testutil/stanza.c| 3 ++- test/testutil/tap_bio.c | 3 ++- test/testutil/tests.c | 2 +- 11 files changed, 80 insertions(+
[openssl-commits] [openssl] master update
The branch master has been updated via a51c9f637cdef7926d8a8991365e4b58975346db (commit) from 6e68dae85a8f91944370125561c7ec0d5da46c20 (commit) - Log - commit a51c9f637cdef7926d8a8991365e4b58975346db Author: Viktor Dukhovni Date: Sat Nov 10 01:53:56 2018 -0500 Added missing signature algorithm reflection functions SSL_get_signature_nid() -- local signature algorithm SSL_get_signature_type_nid() -- local signature algorithm key type SSL_get_peer_tmp_key() -- Peer key-exchange public key SSL_get_tmp_key -- local key exchange public key Aliased pre-existing SSL_get_server_tmp_key(), which was formerly just for clients, to SSL_get_peer_tmp_key(). Changed internal calls to use the new name. Reviewed-by: Matt Caswell --- Summary of changes: apps/s_cb.c| 3 ++- doc/man3/SSL_get_peer_signature_nid.pod| 12 --- ...server_tmp_key.pod => SSL_get_peer_tmp_key.pod} | 22 ++-- include/openssl/ssl.h | 18 +--- include/openssl/tls1.h | 1 + ssl/s3_lib.c | 24 -- ssl/t1_lib.c | 8 test/handshake_helper.c| 2 +- test/ssltest_old.c | 2 +- util/libssl.num| 1 + util/private.num | 3 +++ 11 files changed, 79 insertions(+), 17 deletions(-) rename doc/man3/{SSL_get_server_tmp_key.pod => SSL_get_peer_tmp_key.pod} (50%) diff --git a/apps/s_cb.c b/apps/s_cb.c index 46b3864..2d4568f 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared) int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; -if (!SSL_get_server_tmp_key(s, )) + +if (!SSL_get_peer_tmp_key(s, )) return 1; BIO_puts(out, "Server Temp Key: "); switch (EVP_PKEY_id(key)) { diff --git a/doc/man3/SSL_get_peer_signature_nid.pod b/doc/man3/SSL_get_peer_signature_nid.pod index ce6ab61..dbca8cf 100644 --- a/doc/man3/SSL_get_peer_signature_nid.pod +++ b/doc/man3/SSL_get_peer_signature_nid.pod 
@@ -2,8 +2,9 @@ =head1 NAME -SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS -message signing types +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing +types =head1 SYNOPSIS @@ -11,6 +12,8 @@ message signing types int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); + int SSL_get_signature_nid(SSL *ssl, int *psig_nid); + int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); =head1 DESCRIPTION @@ -24,12 +27,15 @@ where it is B. To differentiate between B and B signatures, it's necessary to check the type of public key in the peer's certificate. +SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent +information for the local end of the connection. + =head1 RETURN VALUES These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it uses RSA key exchange or is anonymous), the TLS version is below 1.2 or -the functions were called before the peer signed a message. +the functions were called too early, e.g. before the peer signed a message. =head1 SEE ALSO diff --git a/doc/man3/SSL_get_server_tmp_key.pod b/doc/man3/SSL_get_peer_tmp_key.pod similarity index 50% rename from doc/man3/SSL_get_server_tmp_key.pod rename to doc/man3/SSL_get_peer_tmp_key.pod index fda891b..23006b3 100644 --- a/doc/man3/SSL_get_server_tmp_key.pod +++ b/doc/man3/SSL_get_peer_tmp_key.pod 
@@ -2,26 +2,36 @@ =head1 NAME -SSL_get_server_tmp_key - get information about the server's temporary key used -during a handshake +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information +about temporary keys used during a handshake =head1 SYNOPSIS #include + long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); + long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); =head1 DESCRIPTION -SSL_get_server_tmp_key() returns the temporary key provided by the server and +SSL_get_peer_tmp_key() returns the temporary key provided by the peer and used during key exchange. For example, if ECDHE is in use, then this represents -the server's public ECDHE key. On success a pointer to the key is stored in +the peer's public ECDHE key. On success a pointer to the key is s
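Review bot: in the apps/s_cb.c hunk the call is renamed to SSL_get_peer_tmp_key() but the next line still emits `BIO_puts(out, "Server Temp Key: ");`, so the label hard-codes the server role while the function now reports whichever side is the peer; ssl_print_tmp_key() is shared app code, so either print "Peer Temp Key: " or pick the label via SSL_is_server(s). In the SSL_get_peer_signature_nid.pod hunk the RETURN VALUES text was generalised to "called too early, e.g. before the peer signed a message", but the added SSL_get_signature_nid()/SSL_get_signature_type_nid() sentence should say what "too early" means for the local end (before this side has signed), since the peer-signing example no longer covers all four functions listed in NAME.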
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 45f247258a87b73e76f95631e0f4aa22298fd19c (commit) from 44197e961a66b8a2eda2a66857c8aa0c5059459c (commit) - Log - commit 45f247258a87b73e76f95631e0f4aa22298fd19c Author: Viktor Dukhovni Date: Sat Nov 10 01:53:56 2018 -0500 Added missing signature algorithm reflection functions SSL_get_signature_nid() -- local signature algorithm SSL_get_signature_type_nid() -- local signature algorithm key type SSL_get_peer_tmp_key() -- Peer key-exchange public key SSL_get_tmp_key -- local key exchange public key Aliased pre-existing SSL_get_server_tmp_key(), which was formerly just for clients, to SSL_get_peer_tmp_key(). Changed internal calls to use the new name. Reviewed-by: Matt Caswell --- Summary of changes: apps/s_cb.c| 3 ++- doc/man3/SSL_get_peer_signature_nid.pod| 12 --- ...server_tmp_key.pod => SSL_get_peer_tmp_key.pod} | 22 ++-- include/openssl/ssl.h | 18 +--- include/openssl/tls1.h | 1 + ssl/s3_lib.c | 24 -- ssl/t1_lib.c | 8 test/handshake_helper.c| 2 +- test/ssltest_old.c | 2 +- util/libssl.num| 1 + util/private.num | 3 +++ 11 files changed, 79 insertions(+), 17 deletions(-) rename doc/man3/{SSL_get_server_tmp_key.pod => SSL_get_peer_tmp_key.pod} (50%) diff --git a/apps/s_cb.c b/apps/s_cb.c index 46b3864..2d4568f 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared) int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; -if (!SSL_get_server_tmp_key(s, )) + +if (!SSL_get_peer_tmp_key(s, )) return 1; BIO_puts(out, "Server Temp Key: "); switch (EVP_PKEY_id(key)) { diff --git a/doc/man3/SSL_get_peer_signature_nid.pod b/doc/man3/SSL_get_peer_signature_nid.pod index ce6ab61..dbca8cf 100644 --- a/doc/man3/SSL_get_peer_signature_nid.pod +++ b/doc/man3/SSL_get_peer_signature_nid.pod 
@@ -2,8 +2,9 @@ =head1 NAME -SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS -message signing types +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing +types =head1 SYNOPSIS @@ -11,6 +12,8 @@ message signing types int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); + int SSL_get_signature_nid(SSL *ssl, int *psig_nid); + int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); =head1 DESCRIPTION @@ -24,12 +27,15 @@ where it is B. To differentiate between B and B signatures, it's necessary to check the type of public key in the peer's certificate. +SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent +information for the local end of the connection. + =head1 RETURN VALUES These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it uses RSA key exchange or is anonymous), the TLS version is below 1.2 or -the functions were called before the peer signed a message. +the functions were called too early, e.g. before the peer signed a message. =head1 SEE ALSO diff --git a/doc/man3/SSL_get_server_tmp_key.pod b/doc/man3/SSL_get_peer_tmp_key.pod similarity index 50% rename from doc/man3/SSL_get_server_tmp_key.pod rename to doc/man3/SSL_get_peer_tmp_key.pod index fda891b..23006b3 100644 --- a/doc/man3/SSL_get_server_tmp_key.pod +++ b/doc/man3/SSL_get_peer_tmp_key.pod 
@@ -2,26 +2,36 @@ =head1 NAME -SSL_get_server_tmp_key - get information about the server's temporary key used -during a handshake +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information +about temporary keys used during a handshake =head1 SYNOPSIS #include + long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); + long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); =head1 DESCRIPTION -SSL_get_server_tmp_key() returns the temporary key provided by the server and +SSL_get_peer_tmp_key() returns the temporary key provided by the peer and used during key exchange. For example, if ECDHE is in use, then this represents -the server's public ECDHE key. On success a pointer to the key is stored in +the peer's public ECDHE key. On success a pointer to the key is s
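Review bot: same two points as on the master version: the apps/s_cb.c hunk keeps `BIO_puts(out, "Server Temp Key: ");` after switching to SSL_get_peer_tmp_key(), so the label is wrong whenever ssl_print_tmp_key() runs on the server side (use "Peer Temp Key: " or SSL_is_server(s)), and the SSL_get_peer_signature_nid.pod hunk adds the local-end functions without saying when they become valid, while RETURN VALUES only gives the peer-signed example for "too early".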
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 35cf781c20b65e51c6d0d3e9a199e74534b60b4a (commit) via c8ce9e50d50af58d878d81522a3d592c00a17ba0 (commit) from b1016c96dbb7a8d9b724f34656e0b2aae9e54cfe (commit) - Log - commit 35cf781c20b65e51c6d0d3e9a199e74534b60b4a Author: Viktor Dukhovni Date: Mon Oct 8 12:05:14 2018 -0400 Apply self-imposed path length also to root CAs Also, some readers of the code find starting the count at 1 for EE cert confusing (since RFC5280 counts only non-self-issued intermediate CAs, but we also counted the leaf). Therefore, never count the EE cert, and adjust the path length comparison accordingly. This may be more clear to the reader. Reviewed-by: Matt Caswell (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6) commit c8ce9e50d50af58d878d81522a3d592c00a17ba0 Author: Viktor Dukhovni Date: Thu Oct 4 23:53:01 2018 -0400 Only CA certificates can be self-issued At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph of above https://tools.ietf.org/html/rfc5280#section-3.3), we see: This specification covers two classes of certificates: CA certificates and end entity certificates. CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs. Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths.
End entity certificates are issued to subjects that are not authorized to issue certificates. that the term "self-issued" is only applicable to CAs, not end-entity certificates. In https://tools.ietf.org/html/rfc5280#section-4.2.1.9 the description of path length constraints says: The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension, if present, asserts the keyCertSign bit (Section 4.2.1.3). In this case, it gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.) This makes it clear that exclusion of self-issued certificates from the path length count applies only to some *intermediate* CA certificates. A leaf certificate whether it has identical issuer and subject or whether it is a CA or not is never part of the intermediate certificate count. The handling of all leaf certificates must be the same, in the case of our code to post-increment the path count by 1, so that we ultimately reach a non-self-issued intermediate it will be the first one (not zeroth) in the chain of intermediates. Reviewed-by: Matt Caswell (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f) --- Summary of changes: crypto/x509/x509_vfy.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 749768e..da778d4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -694,10 +694,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) goto end; } } -/* Check pathlen if not self issued */ -if ((i > 1) && !(x->ex_flags & EXFLAG_SI) -&& (x->ex_pathlen != -1) -&& (plen > (x->ex_pathlen + proxy_path_length + 1))) { +/* Check pathlen */ +if ((i > 1) && (x->ex_pathlen != -1) +&& (plen > (x->ex_pathlen + proxy_path_length))) { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; ctx->current_cert = x; @@ -705,8 +704,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) if (!ok) goto end; } -/* Increment path l
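Review bot: the replacement comment `/* Check pathlen */` drops the explanation the old `/* Check pathlen if not self issued */` gave, and with the `+ 1` removed from `plen > (x->ex_pathlen + proxy_path_length)` the reader can no longer tell from this hunk what `plen` counts; since the commit message's whole point is that the EE is no longer counted and that a CA's pathLenConstraint now applies even when that CA is self-issued, state the convention in the comment (for example "plen counts non-self-issued intermediates below x; the EE is never counted"). The second hunk is cut off at `/* Increment path l`, so the matching change to the increment is not visible here; the comparison and the increment need to be checked together to confirm the off-by-one really cancels.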
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via d46f9173bbd62ffa7ae0b20bf05c600e14722cc6 (commit) via cc54a2a0f5a2455205ee236bb44458cc39366065 (commit) from a76a41655e57b72b30a373aae6e75afedf920076 (commit) - Log - commit d46f9173bbd62ffa7ae0b20bf05c600e14722cc6 Author: Viktor Dukhovni Date: Mon Oct 8 12:05:14 2018 -0400 Apply self-imposed path length also to root CAs Also, some readers of the code find starting the count at 1 for EE cert confusing (since RFC5280 counts only non-self-issued intermediate CAs, but we also counted the leaf). Therefore, never count the EE cert, and adjust the path length comparison accordingly. This may be more clear to the reader. Reviewed-by: Matt Caswell (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6) commit cc54a2a0f5a2455205ee236bb44458cc39366065 Author: Viktor Dukhovni Date: Thu Oct 4 23:53:01 2018 -0400 Only CA certificates can be self-issued At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph of above https://tools.ietf.org/html/rfc5280#section-3.3), we see: This specification covers two classes of certificates: CA certificates and end entity certificates. CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs. Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths.
End entity certificates are issued to subjects that are not authorized to issue certificates. that the term "self-issued" is only applicable to CAs, not end-entity certificates. In https://tools.ietf.org/html/rfc5280#section-4.2.1.9 the description of path length constraints says: The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension, if present, asserts the keyCertSign bit (Section 4.2.1.3). In this case, it gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.) This makes it clear that exclusion of self-issued certificates from the path length count applies only to some *intermediate* CA certificates. A leaf certificate whether it has identical issuer and subject or whether it is a CA or not is never part of the intermediate certificate count. The handling of all leaf certificates must be the same, in the case of our code to post-increment the path count by 1, so that we ultimately reach a non-self-issued intermediate it will be the first one (not zeroth) in the chain of intermediates. Reviewed-by: Matt Caswell (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f) --- Summary of changes: crypto/x509/x509_vfy.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f86871f..ba186d3 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -515,15 +515,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) /* check_purpose() makes the callback as needed */ if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) return 0; -/* Check pathlen if not self issued */ -if ((i > 1) && !(x->ex_flags & EXFLAG_SI) -&& (x->ex_pathlen != -1) -&& (plen > (x->ex_pathlen + proxy_path_length + 1))) { +/* Check pathlen */ +if ((i > 1) && (x->ex_pathlen != -1) +&& (plen > (x->ex_pathlen + proxy_path_length))) { if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } -/* Increment path length if not self issued */ -if (!(x
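Review bot: as in the 1.0.2 backport, `/* Check pathlen */` no longer explains what `plen` counts once the `!(x->ex_flags & EXFLAG_SI)` test and the `+ 1` are removed from `plen > (x->ex_pathlen + proxy_path_length)`; put the counting convention (non-self-issued intermediates below x, EE excluded, self-issued CAs now subject to their own constraint) in the comment next to the check, and since the second hunk is truncated at `-if (!(x`, review the increment together with this comparison so the removed `+ 1` and the no-longer-counted EE are verified to balance.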
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via a190ea8ad7f2405d1a6245e59481fb6e3d0f60d2 (commit) via bb6923945ee61b024c841f8131416c3c35cc9746 (commit) from 871039698042467b814b4fa37353db120be5b331 (commit) - Log - commit a190ea8ad7f2405d1a6245e59481fb6e3d0f60d2 Author: Viktor Dukhovni Date: Mon Oct 8 12:05:14 2018 -0400 Apply self-imposed path length also to root CAs Also, some readers of the code find starting the count at 1 for EE cert confusing (since RFC5280 counts only non-self-issued intermediate CAs, but we also counted the leaf). Therefore, never count the EE cert, and adjust the path length comparison accordingly. This may be more clear to the reader. Reviewed-by: Matt Caswell (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6) commit bb6923945ee61b024c841f8131416c3c35cc9746 Author: Viktor Dukhovni Date: Thu Oct 4 23:53:01 2018 -0400 Only CA certificates can be self-issued At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph of above https://tools.ietf.org/html/rfc5280#section-3.3), we see: This specification covers two classes of certificates: CA certificates and end entity certificates. CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs. Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths. 
End entity certificates are issued to subjects that are not authorized to issue certificates. that the term "self-issued" is only applicable to CAs, not end-entity certificates. In https://tools.ietf.org/html/rfc5280#section-4.2.1.9 the description of path length constraints says: The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension, if present, asserts the keyCertSign bit (Section 4.2.1.3). In this case, it gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.) This makes it clear that exclusion of self-issued certificates from the path length count applies only to some *intermediate* CA certificates. A leaf certificate whether it has identical issuer and subject or whether it is a CA or not is never part of the intermediate certificate count. The handling of all leaf certificates must be the same, in the case of our code to post-increment the path count by 1, so that we ultimately reach a non-self-issued intermediate it will be the first one (not zeroth) in the chain of intermediates. Reviewed-by: Matt Caswell (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f) --- Summary of changes: crypto/x509/x509_vfy.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 3a60d41..61e8192 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) /* check_purpose() makes the callback as needed */ if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) return 0; -/* Check pathlen if not self issued */ -if ((i > 1) && !(x->ex_flags & EXFLAG_SI) -&& (x->ex_pathlen != -1) -&& (plen > (x->ex_pathlen + proxy_path_length + 1))) { +/* Check pathlen */ +if ((i > 1) && (x->ex_pathlen != -1) +&& (plen > (x->ex_pathlen + proxy_path_length))) { if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } -/* Increment path length if not self issued */ -if (!(x
[openssl-commits] [openssl] master update
The branch master has been updated via dc5831da59e9bfad61ba425d886a0b06ac160cd6 (commit) via ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f (commit) from d68af00685c4a76e9545882e350717ae5e4071df (commit) - Log - commit dc5831da59e9bfad61ba425d886a0b06ac160cd6 Author: Viktor Dukhovni Date: Mon Oct 8 12:05:14 2018 -0400 Apply self-imposed path length also to root CAs Also, some readers of the code find starting the count at 1 for EE cert confusing (since RFC5280 counts only non-self-issued intermediate CAs, but we also counted the leaf). Therefore, never count the EE cert, and adjust the path length comparison accordingly. This may be more clear to the reader. Reviewed-by: Matt Caswell commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f Author: Viktor Dukhovni Date: Thu Oct 4 23:53:01 2018 -0400 Only CA certificates can be self-issued At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph of above https://tools.ietf.org/html/rfc5280#section-3.3), we see: This specification covers two classes of certificates: CA certificates and end entity certificates. CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs. Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths. End entity certificates are issued to subjects that are not authorized to issue certificates. 
that the term "self-issued" is only applicable to CAs, not end-entity certificates. In https://tools.ietf.org/html/rfc5280#section-4.2.1.9 the description of path length constraints says: The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension, if present, asserts the keyCertSign bit (Section 4.2.1.3). In this case, it gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.) This makes it clear that exclusion of self-issued certificates from the path length count applies only to some *intermediate* CA certificates. A leaf certificate whether it has identical issuer and subject or whether it is a CA or not is never part of the intermediate certificate count. The handling of all leaf certificates must be the same, in the case of our code to post-increment the path count by 1, so that we ultimately reach a non-self-issued intermediate it will be the first one (not zeroth) in the chain of intermediates. Reviewed-by: Matt Caswell --- Summary of changes: crypto/x509/x509_vfy.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 3a60d41..61e8192 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) /* check_purpose() makes the callback as needed */ if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) return 0; -/* Check pathlen if not self issued */ -if ((i > 1) && !(x->ex_flags & EXFLAG_SI) -&& (x->ex_pathlen != -1) -&& (plen > (x->ex_pathlen + proxy_path_length + 1))) { +/* Check pathlen */ +if ((i > 1) && (x->ex_pathlen != -1) +&& (plen > (x->ex_pathlen + proxy_path_length))) { if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } -/* Increment path length if not self issued */ -if (!(x->ex_flags & EXFLAG_SI)) +/* Increment path length if not a self issued intermediate CA */ +if (i > 0 && (x->ex_flags &am
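Review bot: the new comparison `plen > (x->ex_pathlen + proxy_path_length)` drops the old `+ 1` because the leaf is no longer counted (the increment is now guarded by `i > 0`), and the `!(x->ex_flags & EXFLAG_SI)` guard is removed from the check itself, so a self-signed root's own pathLenConstraint is now enforced rather than skipped. Both changes follow RFC 5280 4.2.1.9, but together they move an off-by-one boundary, so the test suite should pin the edge cases: a chain with exactly pathLen non-self-issued intermediates (must pass), pathLen + 1 (must fail with X509_V_ERR_PATH_LENGTH_EXCEEDED), a self-issued intermediate in the middle (must not consume the budget), and a root with pathLenConstraint 0 directly above the leaf (must pass, since the leaf is never an intermediate).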
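The counting rule the commit message argues from RFC 5280 (the leaf never counts, self-issued intermediates never count, a CA's pathLenConstraint bounds the non-self-issued intermediates below it) is easier to see on concrete chains. The following is an added example in C and is not OpenSSL code: it models only the `plen` bookkeeping shown in the hunk above, leaves out the `proxy_path_length` adjustment, and runs over constructed sample chains (the `cert_t` struct, the `check_pathlen()` function and the chain names are all assumptions made for this example).

```c
#include <stdio.h>
#include <stddef.h>

/*
 * Added example (not OpenSSL code): a model of the RFC 5280 4.2.1.9
 * pathLenConstraint accounting as applied by the commit above.  The
 * proxy-certificate adjustment (proxy_path_length) is left out.
 */

typedef struct {
    const char *name;   /* label for diagnostics only */
    int self_issued;    /* issuer == subject; meaningful only for CA certs */
    int pathlen;        /* pathLenConstraint, or -1 when absent */
} cert_t;

/*
 * chain[0] is the leaf and chain[n-1] the trust anchor, the order OpenSSL
 * keeps in X509_STORE_CTX.  Returns -1 when every constraint holds, else the
 * index of the first certificate whose pathLenConstraint is exceeded.
 */
int check_pathlen(const cert_t *chain, size_t n)
{
    int plen = 0;       /* non-self-issued intermediates seen below cert i */
    size_t i;

    for (i = 0; i < n; i++) {
        const cert_t *x = &chain[i];

        /*
         * Check pathlen: cert i may be followed (towards the leaf) by at most
         * x->pathlen non-self-issued intermediates.  Indices 1..i-1 are all
         * intermediates and plen counts the ones that are not self-issued,
         * so the check is a plain comparison with no "+ 1" for the leaf.
         * Index 1 has no intermediates below it, hence i > 1.
         */
        if (i > 1 && x->pathlen != -1 && plen > x->pathlen)
            return (int)i;

        /* Increment path length if not a self-issued intermediate CA;
         * the leaf (i == 0) never counts, whatever it looks like. */
        if (i > 0 && !x->self_issued)
            plen++;
    }
    return -1;
}

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample chains, leaf first and anchor last. */

/* Root with pathLenConstraint 1 above one intermediate: allowed. */
static const cert_t chain_ok[] = {
    { "leaf", 0, -1 }, { "intermediate", 0, -1 }, { "root", 1, 1 },
};

/* Root with pathLenConstraint 0 above one intermediate: exceeded at index 2. */
static const cert_t chain_root_too_strict[] = {
    { "leaf", 0, -1 }, { "intermediate", 0, -1 }, { "root", 1, 0 },
};

/* Root with pathLenConstraint 0 directly above the leaf: the leaf never counts. */
static const cert_t chain_leaf_only[] = {
    { "leaf", 0, -1 }, { "root", 1, 0 },
};

/* Key rollover: the self-issued cert (new key signed by the old key) does not
 * consume the root's budget of one non-self-issued intermediate. */
static const cert_t chain_self_issued[] = {
    { "leaf", 0, -1 },
    { "intermediate (self-issued, new key)", 1, -1 },
    { "intermediate (old key)", 0, -1 },
    { "root", 1, 1 },
};

/* Intermediate B with pathLenConstraint 0 has intermediate A beneath it: exceeded at index 2. */
static const cert_t chain_intermediate_too_strict[] = {
    { "leaf", 0, -1 }, { "intermediate A", 0, -1 },
    { "intermediate B", 0, 0 }, { "root", 1, 2 },
};

int main(void)
{
    const cert_t *chains[] = { chain_ok, chain_root_too_strict, chain_leaf_only,
                               chain_self_issued, chain_intermediate_too_strict };
    const size_t lens[] = { NELEM(chain_ok), NELEM(chain_root_too_strict), NELEM(chain_leaf_only),
                            NELEM(chain_self_issued), NELEM(chain_intermediate_too_strict) };
    size_t k;

    for (k = 0; k < NELEM(chains); k++) {
        int bad = check_pathlen(chains[k], lens[k]);
        if (bad < 0)
            printf("chain %zu: ok\n", k);
        else
            printf("chain %zu: path length exceeded at \"%s\"\n", k, chains[k][bad].name);
    }
    return 0;
}
```

The only difference between the model and the hunk is that OpenSSL reports the violation through `verify_cb_cert()` with `X509_V_ERR_PATH_LENGTH_EXCEEDED` instead of returning the index; the arithmetic is the same.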
[openssl-commits] [openssl] master update
The branch master has been updated via 0df65d82dbc41e8da00adb243de5918db532c8a6 (commit) from 8fe4c0b001f85c5a918c6a6d4687813ea3d2945f (commit) - Log - commit 0df65d82dbc41e8da00adb243de5918db532c8a6 Author: Viktor Dukhovni Date: Tue Jun 12 11:51:53 2018 -0400 Document return value of X509_add_ext and also X509_delete_ext() Reviewed-by: Matt Caswell --- Summary of changes: doc/man3/X509v3_get_ext_by_NID.pod | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod index 81c938e..54dff3c 100644 --- a/doc/man3/X509v3_get_ext_by_NID.pod +++ b/doc/man3/X509v3_get_ext_by_NID.pod @@ -115,8 +115,8 @@ initial extension will not be checked. X509v3_get_ext_count() returns the extension count. -X509v3_get_ext() and X509v3_delete_ext() return an B pointer -or B if an error occurs. +X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an +B pointer or B if an error occurs. X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and X509v3_get_ext_by_critical() return the an extension index or B<-1> if an @@ -124,6 +124,8 @@ error occurs. X509v3_add_ext() returns a stack of extensions or B on error. +X509_add_ext() returns 1 on success and 0 on error. + =head1 SEE ALSO L _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via a4107d73d597a6f8754f7cf5c8c53d2097bea652 (commit) from cb1b2cafe11f2008b0acc91726a6a6760f16fe28 (commit) - Log - commit a4107d73d597a6f8754f7cf5c8c53d2097bea652 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Apr 18 19:52:26 2018 -0400 Add missing index_index() when reloading OCSP responder Also, future-proof index_index() return codes by requiring success to return a positive value. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/apps.c | 3 +++ apps/ca.c | 4 ++-- apps/ocsp.c | 5 +++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 5a32dc0..6ae8523 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1597,6 +1597,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) return retdb; } +/* + * Returns > 0 on success, <= 0 on error + */ int index_index(CA_DB *db) { if (!TXT_DB_create_index(db->db, DB_serial, NULL, diff --git a/apps/ca.c b/apps/ca.c index d530cf5..1c053b5 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -498,7 +498,7 @@ end_of_options: if (db == NULL) goto end; -if (!index_index(db)) +if (index_index(db) <= 0) goto end; if (get_certificate_status(ser_status, db) != 1) @@ -672,7 +672,7 @@ end_of_options: BIO_printf(bio_err, "generating index\n"); } -if (!index_index(db)) +if (index_index(db) <= 0) goto end; /*/ diff --git a/apps/ocsp.c b/apps/ocsp.c index 3c5534a..83461c7 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -559,7 +559,7 @@ int ocsp_main(int argc, char **argv) if (ridx_filename != NULL) { rdb = load_index(ridx_filename, NULL); -if (rdb == NULL || !index_index(rdb)) { +if (rdb == NULL || index_index(rdb) <= 0) { ret = 1; goto end; } 
@@ -582,10 +582,11 @@ redo_accept: if (index_changed(rdb)) { CA_DB *newrdb = load_index(ridx_filename, NULL); -if (newrdb != NULL) { +if (newrdb != NULL && index_index(newrdb) > 0) { free_index(rdb); rdb = newrdb; } else { +free_index(newrdb); log_message(LOG_ERR, "error reloading updated index: %s", ridx_filename); }
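Review bot: in the reload hunk the `else` branch calls `free_index(newrdb)` even when `newrdb` is NULL (the `load_index()` failure case); that is only safe because `free_index()` checks `if (db)` before freeing, so a one-line comment there would save the next reader a lookup. The `index_index(db) <= 0` callers match the new "> 0 on success" contract documented in apps.c, and keeping the old `rdb` in service when the reload fails is the right fail-safe; consider having the log message say whether the load or the index build failed, since both now end on the same "error reloading updated index" line.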
[openssl-commits] [openssl] master update
The branch master has been updated via a7fb4fa1708c65c0932133dca64a53d0237312e3 (commit) from 9300f078b6b6a83acd9aabcca89577f1a7800a6f (commit) - Log - commit a7fb4fa1708c65c0932133dca64a53d0237312e3 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Mar 8 10:51:46 2018 -0500 Make OCSP "multi" compatible with "no-sock" builds. Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: apps/ocsp.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 6de0117..82c11e8 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -230,9 +230,7 @@ int ocsp_main(int argc, char **argv) int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1; int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1; int req_text = 0, resp_text = 0, ret = 1; -# ifndef OPENSSL_NO_SOCK int req_timeout = -1; -# endif long nsec = MAX_VALIDITY_PERIOD, maxage = -1; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; OPTION_CHOICE o; @@ -483,11 +481,11 @@ int ocsp_main(int argc, char **argv) goto opthelp; trailing_md = 1; break; -# ifdef OCSP_DAEMON case OPT_MULTI: +# ifdef OCSP_DAEMON multi = atoi(opt_arg()); -break; # endif +break; } } if (trailing_md) {
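Review bot: with `# ifdef OCSP_DAEMON` moved inside the `case OPT_MULTI:` body, a `-multi N` argument is now silently accepted and ignored on builds without OCSP_DAEMON, so an operator gets a single-process responder while believing a multi-process one is running. Suggest rejecting the option in that configuration, e.g. an `# else` branch with `BIO_printf(bio_err, "-multi is not supported in this build\n"); goto opthelp;`, or at least a warning. Separately, `multi = atoi(opt_arg())` turns any non-numeric argument into 0 without complaint; the other numeric options go through opt_int(), which reports the bad value.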
[openssl-commits] [openssl] master update
The branch master has been updated via 3e3c7c3646878fbbef07865aca007e112cf0fc26 (commit) via c7d5ea2670c2f2ce855b099a14ca2c218661ad3f (commit) from 61ab6919183fe804f3ed5cf26fcc121a4ecbb6af (commit) - Log - commit 3e3c7c3646878fbbef07865aca007e112cf0fc26 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Mar 5 15:18:04 2018 -0500 Implement multi-process OCSP responder. With "-multi" the OCSP responder forks multiple child processes, and respawns them as needed. This can be used as a long-running service, not just a demo program. Therefore the index file is automatically re-read when changed. The responder also now optionally times out client requests. Reviewed-by: Matt Caswell <m...@openssl.org> commit c7d5ea2670c2f2ce855b099a14ca2c218661ad3f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Mar 5 14:40:02 2018 -0500 Prepare to detect index changes in OCSP responder. Retain open file handle and previous stat data for the CA index file, enabling detection and index reload (upcoming commit). Check requirements before entering accept loop. Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: CHANGES | 14 ++ apps/apps.c | 21 +++ apps/apps.h | 10 ++ apps/ocsp.c | 379 ++ crypto/err/err.c | 1 + doc/man1/ocsp.pod | 18 ++- include/openssl/err.h | 1 + 7 files changed, 388 insertions(+), 56 deletions(-) diff --git a/CHANGES b/CHANGES index 5e5abb9..dcbe291 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,20 @@ Changes between 1.1.0g and 1.1.1 [xx XXX ] + *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running + in responder mode now supports the new "-multi" option, which + spawns the specified number of child processes to handle OCSP + requests. The "-timeout" option now also limits the OCSP + responder's patience to wait to receive the full client request + on a newly accepted connection. Child processes are respawned + as needed, and the CA index file is automatically reloaded + when changed. This makes it possible to run the "ocsp" responder + as a long-running service, making the OpenSSL CA somewhat more + feature-complete. In this mode, most diagnostic messages logged + after entering the event loop are logged via syslog(3) rather than + written to stderr. + [Viktor Dukhovni] + *) Added support for X448 and Ed448. Heavily based on original work by Mike Hamburg. [Matt Caswell] diff --git a/apps/apps.c b/apps/apps.c index ef57355..5a32dc0 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1538,12 +1538,27 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) BIO *in; CONF *dbattr_conf = NULL; char buf[BSIZE]; +#ifndef OPENSSL_NO_POSIX_IO +FILE *dbfp; +struct stat dbst; +#endif in = BIO_new_file(dbfile, "r"); if (in == NULL) { ERR_print_errors(bio_err); goto err; } + +#ifndef OPENSSL_NO_POSIX_IO +BIO_get_fp(in, ); +if (fstat(fileno(dbfp), ) == -1) { +SYSerr(SYS_F_FSTAT, errno); +ERR_add_error_data(3, "fstat('", dbfile, "')"); +ERR_print_errors(bio_err); +goto err; +} +#endif + if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL) goto err; @@ -1570,6 +1585,11 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) } } +retdb->dbfname = OPENSSL_strdup(dbfile); +#ifndef OPENSSL_NO_POSIX_IO +retdb->dbst = dbst; +#endif + err: NCONF_free(dbattr_conf); TXT_DB_free(tmpdb); @@ -1715,6 +1735,7 @@ void free_index(CA_DB *db) { if (db) { TXT_DB_free(db->db); +OPENSSL_free(db->dbfname); OPENSSL_free(db); } } 
diff --git a/apps/apps.h b/apps/apps.h index 3086f09..aa63527 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -14,6 +14,12 @@ # include "internal/nelem.h" # include +# include +# ifndef OPENSSL_NO_POSIX_IO +# include +# include +# endif + # include # include # include @@ -509,6 +515,10 @@ typedef struct db_attr_st { typedef struct ca_db_st { DB_ATTR attributes; TXT_DB *db; +char *dbfname; +# ifndef OPENSSL_NO_POSIX_IO +struct stat dbst; +# endif } CA_DB; void* app_malloc(int sz, const char *what); diff --git a/apps/ocsp.c b/apps/ocsp.c index bd16a5b..6de0117 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -26,6 +26,7 @@ NON_EMPTY_TRANSLATION_UNIT /* Needs to be included before the openssl headers */ # include "apps.h" # include "progs.h" +# include "internal/sockets.h"
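Review bot: in the load_index() hunk, `retdb->dbfname = OPENSSL_strdup(dbfile);` is not checked for NULL; on allocation failure the CA_DB is returned with a NULL file name that the change-detection code added for the reload will later hand to a stat call. Suggest `if ((retdb->dbfname = OPENSSL_strdup(dbfile)) == NULL) goto err;` and making sure the `err:` path, which currently only frees `dbattr_conf` and `tmpdb`, also releases `retdb` in that case. The ordering of the new fstat() before TXT_DB_read() is what makes the later comparison safe (a write that lands between the stat and the read still differs from the saved `dbst` next time round); that deserves a comment so nobody "optimises" the stat to after the read.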
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 00cd974f46f8d61896fdf3ca2b238f88e5b9216f (commit) from c1190c32c42b1e3ce35ea2ea8f214f46f336c5ed (commit) - Log - commit 00cd974f46f8d61896fdf3ca2b238f88e5b9216f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Mar 2 10:30:04 2018 -0500 Fix wrong case in documentation of -CRLfile option Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/apps/verify.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 321d5ac..2516718 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -15,7 +15,7 @@ B B [B<-ignore_critical>] [B<-attime timestamp>] [B<-check_ss_sig>] -[B<-crlfile file>] +[B<-CRLfile file>] [B<-crl_download>] [B<-crl_check>] [B<-crl_check_all>] @@ -69,7 +69,7 @@ current system time. B is the number of seconds since Verify the signature on the self-signed root CA. This is disabled by default because it doesn't add any security. -=item B<-crlfile file> +=item B<-CRLfile file> File containing one or more CRL's (in PEM format) to load.
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 144724c75584054329a9d6bb7711cec527fbf523 (commit) from b91891043df21928b72d8093a22a396eca58aa5b (commit) - Log - commit 144724c75584054329a9d6bb7711cec527fbf523 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Feb 13 22:43:15 2018 -0500 Avoid fragile aliasing of SHA224/384 update/final This is purported to save a few cycles, but makes the code less obvious and more brittle, and in fact breaks on platforms where for ABI continuity reasons there is a SHA2 implementation in libc, and so EVP needs to call those to avoid conflicts. A sufficiently good optimizer could simply generate the same entry points for: foo(...) { ... } and bar(...) { return foo(...); } but, even without that, the difference is negligible, with the "winner" varying from run to run (openssl speed -evp sha384): Old: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 28864.28k 117362.62k 266469.21k 483258.03k 635144.87k 649123.16k New: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 30055.18k 120725.98k 272057.26k 482847.40k 634585.09k 650308.27k Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/evp/m_sha1.c | 33 - 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 8f30077..ac0ead3 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c 
@@ -115,16 +115,21 @@ static int init224(EVP_MD_CTX *ctx) return SHA224_Init(EVP_MD_CTX_md_data(ctx)); } +static int update224(EVP_MD_CTX *ctx, const void *data, size_t count) +{ +return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final224(EVP_MD_CTX *ctx, unsigned char *md) +{ +return SHA224_Final(md, EVP_MD_CTX_md_data(ctx)); +} + static int init256(EVP_MD_CTX *ctx) { return SHA256_Init(EVP_MD_CTX_md_data(ctx)); } -/* - * Even though there're separate SHA224_[Update|Final], we call - * SHA256 functions even in SHA224 context. This is what happens - * there anyway, so we can spare few CPU cycles:-) - */ static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) { return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); @@ -141,8 +146,8 @@ static const EVP_MD sha224_md = { SHA224_DIGEST_LENGTH, EVP_MD_FLAG_DIGALGID_ABSENT, init224, -update256, -final256, +update224, +final224, NULL, NULL, SHA256_CBLOCK, @@ -178,6 +183,16 @@ static int init384(EVP_MD_CTX *ctx) return SHA384_Init(EVP_MD_CTX_md_data(ctx)); } +static int update384(EVP_MD_CTX *ctx, const void *data, size_t count) +{ +return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final384(EVP_MD_CTX *ctx, unsigned char *md) +{ +return SHA384_Final(md, EVP_MD_CTX_md_data(ctx)); +} + static int init512(EVP_MD_CTX *ctx) { return SHA512_Init(EVP_MD_CTX_md_data(ctx)); @@ -200,8 +215,8 @@ static const EVP_MD sha384_md = { SHA384_DIGEST_LENGTH, EVP_MD_FLAG_DIGALGID_ABSENT, init384, -update512, -final512, +update384, +final384, NULL, NULL, SHA512_CBLOCK,
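Review bot: the change is right but the removed comment was the only place explaining why sha224_md pointed at update256/final256 (and sha384_md at update512/final512) in the first place; with it gone, nothing stops a later contributor from re-aliasing the entries to "save a few cycles". Suggest a short comment on update224()/final224() and update384()/final384() stating that each EVP_MD must call its own SHA224_*/SHA384_* entry points, because on platforms whose libc exports those symbols the SHA-256/SHA-512 functions are not interchangeable with them. The benchmark in the commit message already shows the wrappers cost nothing measurable, so that comment is the only guard needed.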
[openssl-commits] [openssl] master update
The branch master has been updated via babab8e7c9060cd4e8e423a783853503982a5d27 (commit) from 72960279562e9af53264155a46b4a0b6a40f9590 (commit) - Log - commit babab8e7c9060cd4e8e423a783853503982a5d27 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Feb 13 22:43:15 2018 -0500 Avoid fragile aliasing of SHA224/384 update/final This is purported to save a few cycles, but makes the code less obvious and more brittle, and in fact breaks on platforms where for ABI continuity reasons there is a SHA2 implementation in libc, and so EVP needs to call those to avoid conflicts. A sufficiently good optimizer could simply generate the same entry points for: foo(...) { ... } and bar(...) { return foo(...); } but, even without that, the difference is negligible, with the "winner" varying from run to run (openssl speed -evp sha384): Old: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 28864.28k 117362.62k 266469.21k 483258.03k 635144.87k 649123.16k New: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 30055.18k 120725.98k 272057.26k 482847.40k 634585.09k 650308.27k Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/evp/m_sha1.c | 33 - 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index d73e412..ac52417 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c 
@@ -116,16 +116,21 @@ static int init224(EVP_MD_CTX *ctx) return SHA224_Init(EVP_MD_CTX_md_data(ctx)); } +static int update224(EVP_MD_CTX *ctx, const void *data, size_t count) +{ +return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final224(EVP_MD_CTX *ctx, unsigned char *md) +{ +return SHA224_Final(md, EVP_MD_CTX_md_data(ctx)); +} + static int init256(EVP_MD_CTX *ctx) { return SHA256_Init(EVP_MD_CTX_md_data(ctx)); } -/* - * Even though there're separate SHA224_[Update|Final], we call - * SHA256 functions even in SHA224 context. This is what happens - * there anyway, so we can spare few CPU cycles:-) - */ static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) { return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); @@ -142,8 +147,8 @@ static const EVP_MD sha224_md = { SHA224_DIGEST_LENGTH, EVP_MD_FLAG_DIGALGID_ABSENT, init224, -update256, -final256, +update224, +final224, NULL, NULL, SHA256_CBLOCK, @@ -189,6 +194,16 @@ static int init384(EVP_MD_CTX *ctx) return SHA384_Init(EVP_MD_CTX_md_data(ctx)); } +static int update384(EVP_MD_CTX *ctx, const void *data, size_t count) +{ +return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final384(EVP_MD_CTX *ctx, unsigned char *md) +{ +return SHA384_Final(md, EVP_MD_CTX_md_data(ctx)); +} + static int init512(EVP_MD_CTX *ctx) { return SHA512_Init(EVP_MD_CTX_md_data(ctx)); @@ -249,8 +264,8 @@ static const EVP_MD sha384_md = { SHA384_DIGEST_LENGTH, EVP_MD_FLAG_DIGALGID_ABSENT, init384, -update512, -final512, +update384, +final384, NULL, NULL, SHA512_CBLOCK,
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 04f53be990f9d1d7c5f7b8f10568df6ebafccf65 (commit) from 5a91d332d96400630e76a15121ead56aeeec (commit) - Log - commit 04f53be990f9d1d7c5f7b8f10568df6ebafccf65 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Feb 9 18:34:33 2018 -0500 Avoid leaking peername data via accept BIOs Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 4e0752535eb87b9aab4cf193f4422b5801ab7b32) --- Summary of changes: crypto/bio/bss_acpt.c | 5 + 1 file changed, 5 insertions(+) diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index f0fe7f0..4be4781 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -271,6 +271,11 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c) BIO_clear_retry_flags(b); b->retry_reason = 0; +OPENSSL_free(c->cache_peer_name); +c->cache_peer_name = NULL; +OPENSSL_free(c->cache_peer_serv); +c->cache_peer_serv = NULL; + s = BIO_accept_ex(c->accept_sock, >cache_peer_addr, c->accepted_mode);
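Review bot: releasing `c->cache_peer_name` and `c->cache_peer_serv` before every `BIO_accept_ex()` call closes the leak for accept BIOs that serve more than one connection, and the explicit reset to NULL is what matters if BIO_accept_ex() returns early (on a retry or an error) without repopulating the two fields, since the state machine re-enters this code. OPENSSL_free() accepts NULL, so the first pass through acpt_state() is unaffected. A one-line comment above the four added lines saying they clear the previous connection's cached peer strings would make the intent clear to someone reading the state machine later.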
[openssl-commits] [openssl] master update
The branch master has been updated via cc94da4ea38cc2a4a47e0a14ef9e361a2d723eff (commit) from b44a65512a4a0a299f8f817b63df472e74a0007a (commit) - Log - commit cc94da4ea38cc2a4a47e0a14ef9e361a2d723eff Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Dec 13 10:55:38 2017 -0500 Add x509(1) reference Reviewed-by: Ben Kaduk <ka...@mit.edu> --- Summary of changes: doc/man3/X509_VERIFY_PARAM_set_flags.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 947bd8a..48c2fdf 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -340,7 +340,8 @@ connections associated with an B structure B: L<X509_verify_cert(3)>, L<X509_check_host(3)>, L<X509_check_email(3)>, -L<X509_check_ip(3)> +L<X509_check_ip(3)>, +L<x509(1)> =head1 HISTORY
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 35a37158181fb0129b632b450ded1114fe4fbb37 (commit) from 94b372b4c9e0f5e0fc7785ad8fee347479854009 (commit) - Log - commit 35a37158181fb0129b632b450ded1114fe4fbb37 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Dec 13 10:57:51 2017 -0500 Add x509(1) reference Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index b778d94..b6c3296 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -338,7 +338,8 @@ connections associated with an B structure B: L<X509_verify_cert(3)>, L<X509_check_host(3)>, L<X509_check_email(3)>, -L<X509_check_ip(3)> +L<X509_check_ip(3)>, +L<x509(1)> =head1 HISTORY
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 6f4c54dcf3e45b2713c93cf1bfc22f40869ed00b (commit) from 71d53e8ba5b9eeca9151f516f061ecdcbedbab00 (commit) - Log - commit 6f4c54dcf3e45b2713c93cf1bfc22f40869ed00b Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Dec 13 10:56:44 2017 -0500 Add missing comma between references Reviewed-by: Ben Kaduk <ka...@mit.edu> Reviewed-by: Paul Dale <paul.d...@oracle.com> --- Summary of changes: doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index b7edfb4..10399ec 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -256,7 +256,7 @@ connections associated with an B structure B: L<X509_verify_cert(3)|X509_verify_cert(3)>, L<X509_check_host(3)|X509_check_host(3)>, L<X509_check_email(3)|X509_check_email(3)>, -L<X509_check_ip(3)|X509_check_ip(3)> +L<X509_check_ip(3)|X509_check_ip(3)>, L<x509(1)|x509(1)> =head1 HISTORY
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 71d53e8ba5b9eeca9151f516f061ecdcbedbab00 (commit) from b6adfa043fcd33960c277a75984701e87d06fa33 (commit) - Log - commit 71d53e8ba5b9eeca9151f516f061ecdcbedbab00 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Dec 11 19:05:35 2017 -0500 Document the X509_V_FLAG_PARTIAL_CHAIN flag Also documented X509_V_FLAG_TRUSTED_FIRST Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 22 ++ 1 file changed, 22 insertions(+) diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 44792f9..b7edfb4 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
@@ -203,6 +203,27 @@ chain found is not trusted, then OpenSSL will continue to check to see if an alternative chain can be found that is trusted. With this flag set the behaviour will match that of OpenSSL versions prior to 1.0.2b. +The B flag causes chain construction to look for +issuers in the trust store before looking at the untrusted certificates +provided as part of the the peer chain. +Though it is not on by default in OpenSSL 1.0.2, applications should generally +set this flag. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important When some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>). + +The B flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.0.2, chain construction continues as long as there are +additional trusted issuers in the trust store, and the last trusted issuer +becomes the trust-anchor. +Thus, even when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may still be anchored by a root CA. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -236,6 +257,7 @@ L<X509_verify_cert(3)|X509_verify_cert(3)>, L<X509_check_host(3)|X509_check_host(3)>, L<X509_check_email(3)|X509_check_email(3)>, L<X509_check_ip(3)|X509_check_ip(3)> +L<x509(1)|x509(1)> =head1 HISTORY
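Review bot: two typos in the added TRUSTED_FIRST paragraph: "provided as part of the the peer chain" doubles "the", and "This is especially important When some certificates" capitalises "When" mid-sentence. In the SEE ALSO hunk the new `+L<x509(1)|x509(1)>` line follows `L<X509_check_ip(3)|X509_check_ip(3)>` without the separating comma every other entry in that list carries, so the rendered page will run the last two references together.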
[openssl-commits] [openssl] master update
The branch master has been updated via f517911d3106bdbc5052b1b85560eb6499e3b741 (commit) from eb48052ec96a7551391b5955f03f5ef70b3528f6 (commit) - Log - commit f517911d3106bdbc5052b1b85560eb6499e3b741 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Dec 11 18:33:59 2017 -0500 Document the X509_V_FLAG_PARTIAL_CHAIN flag Also improved documentation of TRUSTED_FIRST Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/man3/X509_VERIFY_PARAM_set_flags.pod | 25 + 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index a4e3061..947bd8a 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -248,10 +248,14 @@ check the signature anyway. A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA are not treated as fatal errors. -If B is set, when constructing the certificate chain, -L<X509_verify_cert(3)> will search the trust store for issuer certificates before -searching the provided untrusted certificates. -As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +When B is set, construction of the certificate chain +in L<X509_verify_cert(3)> will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>). +As of OpenSSL 1.1.0 this option is on by default. The B flag suppresses checking for alternative chains. 
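Review bot: this hunk drops "and cannot be disabled", so the TRUSTED_FIRST text now reads "As of OpenSSL 1.1.0 this option is on by default", but the unchanged context at the top of the next hunk still says "As of OpenSSL 1.1.0, with B always set, this option has no effect" for NO_ALT_CHAINS. The two statements should agree: if the flag can be cleared in 1.1.0, "always set" needs the same edit; if it cannot, the removed words were accurate and should stay.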
@@ -263,6 +267,19 @@ found that is trusted. As of OpenSSL 1.1.0, with B always set, this option has no effect. +The B flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed "root" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the B flag. + The B flag suppresses checking the validity period of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() is used to specify a verification time, the check is not suppressed. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
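Review bot: "With OpenSSL 1.1.0 and later and set, chain construction stops ..." does not parse; the flag name that belongs between "and later and" and "set" (presumably the TRUSTED_FIRST markup the previous paragraph uses) is missing, so please restore it. Minor wording: "a not self-signed intermediate certificate" reads better as "a non-self-signed intermediate certificate".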
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via f053c215024d2dc6f8d9ce2047dc18ccf4015e19 (commit) from dea20b941f68c60fbe1885ecf8156a76eb30789a (commit) - Log - commit f053c215024d2dc6f8d9ce2047dc18ccf4015e19 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Dec 11 18:37:58 2017 -0500 Document the X509_V_FLAG_PARTIAL_CHAIN flag Also improved documentation of TRUSTED_FIRST Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 25 + 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index d081d98..b778d94 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -248,10 +248,14 @@ check the signature anyway. A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA are not treated as fatal errors. -If B is set, when constructing the certificate chain, -L<X509_verify_cert(3)> will search the trust store for issuer certificates before -searching the provided untrusted certificates. -As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +When B is set, construction of the certificate chain +in L<X509_verify_cert(3)> will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>). +As of OpenSSL 1.1.0 this option is on by default. The B flag suppresses checking for alternative chains. 
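Review bot: after this hunk the TRUSTED_FIRST paragraph says the option "is on by default" (the old "and cannot be disabled" is gone), while the NO_ALT_CHAINS context that opens the following hunk still reads "with B always set, this option has no effect". One of the two is now wrong for 1.1.0; pick the accurate description and use it in both places.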
@@ -263,6 +267,19 @@ found that is trusted. As of OpenSSL 1.1.0, with B always set, this option has no effect. +The B flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed "root" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the B flag. + The B flag suppresses checking the validity period of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() is used to specify a verification time, the check is not suppressed. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
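Review bot: the sentence "With OpenSSL 1.1.0 and later and set, chain construction stops as soon as ..." is missing the name of the flag before "set"; as written a reader cannot tell which flag has to be set for the early stop. Restore the flag markup there, and consider "non-self-signed" in place of "not self-signed".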
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via e6f38fb817d831ed093f7d7140325783b5556d8f (commit) from a61c15eb9b8d0ef513d695c854516958e2ccf1eb (commit) - Log - commit e6f38fb817d831ed093f7d7140325783b5556d8f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Nov 20 21:30:04 2017 -0500 Make possible variant SONAMEs and symbol versions This small change in the Unix template and shared library build scripts enables building "variant" shared libraries. A "variant" shared library has a non-default SONAME, and non default symbol versions. This makes it possible to build (say) an OpenSSL 1.1.0 library that can coexist without conflict in the same process address space as the system's default OpenSSL library which may be OpenSSL 1.0.2. Such "variant" shared libraries make it possible to link applications against a custom OpenSSL library installed in /opt/openssl/1.1 or similar location, and not risk conflict with an indirectly loaded OpenSSL runtime that is required by some other dependency. Variant shared libraries have been fully tested under Linux, and build successfully on MacOS/X producing variant DYLD names. MacOS/X Darwin has no symbol versioning, but has a non-flat library namespace. Variant libraries may therefore support multiple OpenSSL libraries in the same address space also with MacOS/X, despite lack of symbol versions, but this has not been verified. Variant shared libraries are optional and off by default. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: Configurations/README | 21 ++ Configurations/unix-Makefile.tmpl | 3 +- util/mkdef.pl | 58 +-- 3 files changed, 78 insertions(+), 4 deletions(-) diff --git a/Configurations/README b/Configurations/README index 47971c2..eecf1ea 100644 --- a/Configurations/README +++ b/Configurations/README 
@@ -86,6 +86,27 @@ In each table entry, the following keys are significant: files. On unix, this defaults to "" (NOTE: this is here for future use, it's not implemented yet) +shlib_variant => A "variant" identifier inserted between the base + shared library name and the extension. On "unixy" + platforms (BSD, Linux, Solaris, MacOS/X, ...) this + supports installation of custom OpenSSL libraries + that don't conflict with other builds of OpenSSL + installed on the system. The variant identifier + becomes part of the SONAME of the library and also + any symbol versions (symbol versions are not used or + needed with MacOS/X). For example, on a system + where a default build would normally create the SSL + shared library as 'libssl.so -> libssl.so.1.1' with + the value of the symlink as the SONAME, a target + definition that sets 'shlib_variant => "-abc"' will + create 'libssl.so -> libssl-abc.so.1.1', again with + an SONAME equal to the value of the symlink. The + symbol versions associated with the variant library + would then be 'OPENSSL_ABC_' rather than + the default 'OPENSSL_'. The string inserted + into symbol versions is obtained by mapping all + letters in the "variant" identifier to upper case + and all non-alphanumeric characters to '_'. thread_scheme => The type of threads is used on the configured platform. Currently known diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index f044e95..39c4402 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -8,6 +8,7 @@ our $exeext = $target{exe_extension} || ""; our $libext = $target{lib_extension} || ".a"; our $shlibext = $target{shared_extension} || ".so"; + our $shlibvariant = $target{shlib_variant} || ""; our $shlibextsimple = $target{shared_extension_simple} || ".so"; our $shlibextimport = $target{shared_import_extension} || ""; our $dsoext = $target{dso_extension} || ".so"; @@ -40,7
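Review bot: the shlib_variant description says 'shlib_variant => "-abc"' yields 'OPENSSL_ABC_' symbol versions, but the mapping rule given at the end (letters to upper case, non-alphanumerics to '_') turns "-abc" into "_ABC", so the underscore after OPENSSL in the example comes from the mapped '-' rather than from a fixed separator. Spelling out the intermediate step ("-abc" becomes "_ABC", which is appended to "OPENSSL") would make the rule unambiguous and would also tell the reader what to expect from a variant that does not begin with a separator character.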
[openssl-commits] [openssl] master update
The branch master has been updated via 822b5e2645a99bea15329bd66c9723c7e7119cdb (commit) from a4cefc86c820d3894ca960857ba4e7cf8e2014b0 (commit) - Log - commit 822b5e2645a99bea15329bd66c9723c7e7119cdb Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Nov 20 21:30:04 2017 -0500 Make possible variant SONAMEs and symbol versions This small change in the Unix template and shared library build scripts enables building "variant" shared libraries. A "variant" shared library has a non-default SONAME, and non default symbol versions. This makes it possible to build (say) an OpenSSL 1.1.0 library that can coexist without conflict in the same process address space as the system's default OpenSSL library which may be OpenSSL 1.0.2. Such "variant" shared libraries make it possible to link applications against a custom OpenSSL library installed in /opt/openssl/1.1 or similar location, and not risk conflict with an indirectly loaded OpenSSL runtime that is required by some other dependency. Variant shared libraries have been fully tested under Linux, and build successfully on MacOS/X producing variant DYLD names. MacOS/X Darwin has no symbol versioning, but has a non-flat library namespace. Variant libraries may therefore support multiple OpenSSL libraries in the same address space also with MacOS/X, despite lack of symbol versions, but this has not been verified. Variant shared libraries are optional and off by default. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: Configurations/README | 21 ++ Configurations/unix-Makefile.tmpl | 3 +- util/mkdef.pl | 58 +-- 3 files changed, 78 insertions(+), 4 deletions(-) diff --git a/Configurations/README b/Configurations/README index 5274559..a80c126 100644 --- a/Configurations/README +++ b/Configurations/README 
@@ -101,6 +101,27 @@ In each table entry, the following keys are significant: files. On unix, this defaults to "" (NOTE: this is here for future use, it's not implemented yet) +shlib_variant => A "variant" identifier inserted between the base + shared library name and the extension. On "unixy" + platforms (BSD, Linux, Solaris, MacOS/X, ...) this + supports installation of custom OpenSSL libraries + that don't conflict with other builds of OpenSSL + installed on the system. The variant identifier + becomes part of the SONAME of the library and also + any symbol versions (symbol versions are not used or + needed with MacOS/X). For example, on a system + where a default build would normally create the SSL + shared library as 'libssl.so -> libssl.so.1.1' with + the value of the symlink as the SONAME, a target + definition that sets 'shlib_variant => "-abc"' will + create 'libssl.so -> libssl-abc.so.1.1', again with + an SONAME equal to the value of the symlink. The + symbol versions associated with the variant library + would then be 'OPENSSL_ABC_' rather than + the default 'OPENSSL_'. The string inserted + into symbol versions is obtained by mapping all + letters in the "variant" identifier to upper case + and all non-alphanumeric characters to '_'. thread_scheme => The type of threads is used on the configured platform. Currently known diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index dfd80c2..d66160f 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -8,6 +8,7 @@ our $exeext = $target{exe_extension} || ""; our $libext = $target{lib_extension} || ".a"; our $shlibext = $target{shared_extension} || ".so"; + our $shlibvariant = $target{shlib_variant} || ""; our $shlibextsimple = $target{shared_extension_simple} || ".so"; our $shlibextimport = $target{shared_import_extension} || ""; our $dsoext = $target{dso_extension} || ".so"; @@ -40,7 +41,7 @@ sub shli
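Review bot: as in the README text, the example 'shlib_variant => "-abc"' giving 'OPENSSL_ABC_' only follows from the stated mapping rule once the reader notices that the leading '-' is what becomes the underscore after OPENSSL; showing the mapped form "_ABC" explicitly in the example avoids the guesswork.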
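Review bot: in the unix-Makefile.tmpl hunk, `our $shlibvariant = $target{shlib_variant} || "";` treats a missing or empty shlib_variant as "no variant", which is the off-by-default behaviour the commit message promises, but unlike the neighbouring defaults (".so", ".a", "") the meaning of the empty string is not self-evident; a one-line comment stating that an empty value produces the stock SONAME and OPENSSL_<version> symbol versions would help readers of the template.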
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 72ea4b8de29bd29dcc44b3d3a73660fe4d1bba40 (commit) from 9fa506681c842bf9b27ddf4ea8579c4695be3bfa (commit) - Log - commit 72ea4b8de29bd29dcc44b3d3a73660fe4d1bba40 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Nov 25 00:38:04 2016 -0500 Restore last-resort expired untrusted intermediate issuers Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: crypto/x509/x509_vfy.c | 15 --- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 9fbef11..ebc4424 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -308,16 +308,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx) static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) { int i; +X509 *issuer, *rv = NULL; for (i = 0; i < sk_X509_num(sk); i++) { -X509 *issuer = sk_X509_value(sk, i); - -if (!ctx->check_issued(ctx, x, issuer)) -continue; -if (x509_check_cert_time(ctx, issuer, -1)) -return issuer; +issuer = sk_X509_value(sk, i); +if (ctx->check_issued(ctx, x, issuer)) { +rv = issuer; +if (x509_check_cert_time(ctx, rv, -1)) +break; +} } -return NULL; +return rv; } /* Given a possible certificate and issuer check them */ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
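Review bot: with the new loop `rv` is overwritten on every `check_issued` match and the loop only `break`s on a time-valid issuer, so when no candidate passes x509_check_cert_time() the function returns the last matching (expired) issuer in stack order, not the first. That is consistent with "last-resort" in the subject line, but a short comment above the loop saying that an expired issuer is returned only when no time-valid one exists, and that later candidates win among expired ones, would save the next reader from assuming the selection order is significant.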
[openssl-commits] [openssl] master update
The branch master has been updated via 3307000d9852acac98ebc1b82cacc9b14240d798 (commit) from 5ae4ceb92c2ae6c677b1de2c477dce71a4d94716 (commit) - Log - commit 3307000d9852acac98ebc1b82cacc9b14240d798 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Jul 12 11:10:05 2016 -0400 Make update Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: util/libssl.num | 4 1 file changed, 4 insertions(+) diff --git a/util/libssl.num b/util/libssl.num index d023293..f19ee4c 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -396,3 +396,7 @@ SSL_SESSION_get0_hostname 396 1_1_0 EXIST::FUNCTION: SSL_client_version 3971_1_0 EXIST::FUNCTION: SSL_SESSION_get_protocol_version3981_1_0 EXIST::FUNCTION: SSL_is_dtls 3991_1_0 EXIST::FUNCTION: +SSL_CTX_dane_set_flags 4001_1_0 EXIST::FUNCTION: +SSL_dane_set_flags 4011_1_0 EXIST::FUNCTION: +SSL_CTX_dane_clear_flags4021_1_0 EXIST::FUNCTION: +SSL_dane_clear_flags4031_1_0 EXIST::FUNCTION: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
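Review bot: the four new entries (SSL_CTX_dane_set_flags, SSL_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_clear_flags) are the exports for functions introduced by the parent commit 5ae4ceb92c2ae6c677b1de2c477dce71a4d94716; landing the `make update` result separately leaves one commit in history where ssl.h declares the functions but libssl.num does not export them, which hurts bisecting shared builds. Folding the libssl.num change into the parent commit would avoid that.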
[openssl-commits] [openssl] master update
The branch master has been updated via 5ae4ceb92c2ae6c677b1de2c477dce71a4d94716 (commit) from d83b7e1a580b2f68a041d178e91e9495ec95e383 (commit) - Log - commit 5ae4ceb92c2ae6c677b1de2c477dce71a4d94716 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Jul 10 20:36:02 2016 -0400 Perform DANE-EE(3) name checks by default In light of potential UKS (unknown key share) attacks on some applications, primarily browsers, despite RFC761, name checks are by default applied with DANE-EE(3) TLSA records. Applications for which UKS is not a problem can optionally disable DANE-EE(3) name checks via the new SSL_CTX_dane_set_flags() and friends. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/x509/x509_vfy.c | 4 ++ doc/ssl/SSL_CTX_dane_enable.pod | 47 - include/internal/dane.h | 2 + include/openssl/ssl.h | 7 ++ include/openssl/x509_vfy.h | 1 + ssl/ssl_lib.c | 37 ++ test/danetest.c | 6 +- test/danetest.in| 147 ++-- 8 files changed, 200 insertions(+), 51 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 469a0a8..ee1c9af 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2765,6 +2765,10 @@ static int dane_verify(X509_STORE_CTX *ctx) /* Callback invoked as needed */ if (!check_leaf_suiteb(ctx, cert)) return 0; +/* Callback invoked as needed */ +if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 && +!check_id(ctx)) +return 0; /* Bypass internal_verify(), issue depth 0 success callback */ ctx->error_depth = 0; ctx->current_cert = cert; diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod index 7923bf4..fb535ec 100644 --- a/doc/ssl/SSL_CTX_dane_enable.pod +++ b/doc/ssl/SSL_CTX_dane_enable.pod 
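Review bot: the comment above the new check, "/* Callback invoked as needed */", is a copy of the comment on the check_leaf_suiteb() call just before it and says nothing about what this block does. Replace it with something like "/* DANE-EE(3) name check unless the application opted out */" so the purpose of DANE_FLAG_NO_DANE_EE_NAMECHECKS is visible at the call site.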
@@ -3,7 +3,9 @@ =head1 NAME SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, -SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa - +SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa +SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, +SSL_dane_set_flags, SSL_dane_clear_flags - enable DANE TLS authentication of the remote TLS server in the local TLS client @@ -21,6 +23,10 @@ TLS client int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, unsigned const char **data, size_t *dlen); + unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); + unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); + unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); + unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); =head1 DESCRIPTION 
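Review bot: the NAME list is missing a comma: the reflowed line ends "SSL_get0_dane_tlsa" and the next line starts "SSL_CTX_dane_set_flags,", so POD tooling will see "SSL_get0_dane_tlsa SSL_CTX_dane_set_flags" as a single name. Add the trailing comma on the "SSL_get0_dane_tlsa" line.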
@@ -124,6 +130,33 @@ The B parameter is set to a short-term internal-copy of the associated data field and must not be freed by the application. Applications that need long-term access to this field need to copy the content. +SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable +optional DANE verification features. +SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable +the same features. +The B argument is a bitmask of the features to enable or disable. +The B set for an B context are copied to each B handle +associated with that context at the time the handle is created. +Subsequent changes in the context's B have no effect on the B set +for the handle. + +At present, the only available option is B +which can be used to disable server name checks when authenticating via +DANE-EE(3) TLSA records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to "unknown key share" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of RFC7671, name checks are by default enabled for +DANE-EE(3) TLSA records, and can be disabled in applications where it is safe +to do so. +In particular, SMTP and XMPP clients should set this option as SRV and MX +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case SMTP and XMPP clients +do not execute scripts downloaded from remote servers. + =head1 RETURN VALUES The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(), @@ -142,6 +175,10 @@ non-negative value indicates the chain depth at which the TLSA record matched a chai
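Review bot: "RFC7671" here is the right reference for the DANE-EE(3) name-check relaxation; the commit message says "RFC761", which is a different document, so the message should be corrected to match. In the last paragraph, "SMTP and XMPP clients should set this option" sits several sentences away from the flag it refers to; naming DANE_FLAG_NO_DANE_EE_NAMECHECKS there would make the recommendation unambiguous.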
[openssl-commits] [openssl] master update
The branch master has been updated via 1d03b7b893223b1b049cb992e5c57c9a10f5846c (commit) from 7498162d753fc21aa4a30cb0855479dac0515f5c (commit) - Log - commit 1d03b7b893223b1b049cb992e5c57c9a10f5846c Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Jul 10 21:09:38 2016 -0400 Don't rely on implicit rsa.h inclusion With no-deprecated, some nested includes don't happen by default. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: fuzz/server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fuzz/server.c b/fuzz/server.c index 34c7734..0076306 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -15,6 +15,7 @@ #include #include +#include #include "fuzzer.h" static const uint8_t kCertificateDER[] = { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
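Review bot: the added `#include` line shows no header path in this rendering of the hunk, so the diff alone does not confirm that it is <openssl/rsa.h> as the commit message says; please verify the path. A short comment on why the explicit include is needed (no-deprecated builds drop the nested include) would also stop the next include clean-up from removing it again.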
[openssl-commits] [openssl] master update
The branch master has been updated via 615dd78b72a822b31ad17623afcf1293bfee3570 (commit) from d0ba3119def9e2683bc517c8189c33d76373e6c1 (commit) - Log - commit 615dd78b72a822b31ad17623afcf1293bfee3570 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Jun 23 23:28:34 2016 +1000 Drop extraneous printf argument in mkcert.sh Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: test/certs/mkcert.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index ced08ea..8863254 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -61,7 +61,7 @@ req() { stderr_onerror \ openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \ -config <(printf "[req]\n%s\n%s\n[dn]\n" \ - "prompt = no" "distinguished_name = dn" "${dn}" + "prompt = no" "distinguished_name = dn" for dn in "$@"; do echo "$dn"; done) } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
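Review bot: the removed third argument "${dn}" was not merely extraneous. The format "[req]\n%s\n%s\n[dn]\n" has two conversions and POSIX printf re-applies the whole format to leftover arguments, so the old call emitted a second "[req]" section containing the DN, an empty line and another "[dn]" header, after which the `for dn in "$@"` loop appended the real DN lines; the generated config therefore had duplicated section headers. Stating that in the commit message would be useful, since "extraneous" suggests the argument was harmless.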
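The printf behaviour behind the mkcert.sh change, shown as an added shell example that is not part of the OpenSSL test scripts: `buggy_req_config` reproduces the pre-fix call shape (three arguments for a two-conversion format), `fixed_req_config` reproduces the post-fix shape, and `count_sections` counts section headers in the result. The DN values and all function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the OpenSSL repository: how POSIX printf's format
# reuse turns an extra argument into a second "[req]" section, next to the
# fixed form that emits DN lines in a loop after the "[dn]" header.

# Constructed sample DN lines, standing in for what mkcert.sh's req() gets in "$@".
DN1="CN = example.test"
DN2="O = Constructed Example"

# Pre-fix pattern: three arguments for a format with two %s conversions.
# printf consumes the first two, then re-applies the whole format to the
# leftover argument, so "[req]" and "[dn]" each appear twice and the DN
# lands inside a spurious second [req] section.
buggy_req_config() {
    printf "[req]\n%s\n%s\n[dn]\n" \
        "prompt = no" "distinguished_name = dn" "$1"
}

# Post-fix pattern: exactly two arguments for the format; the DN lines are
# written by a loop after the [dn] header, one per argument.
fixed_req_config() {
    printf "[req]\n%s\n%s\n[dn]\n" \
        "prompt = no" "distinguished_name = dn"
    for dn in "$@"; do echo "$dn"; done
}

# Count lines that are exactly "[name]" in a config text: $1 = section name,
# $2 = config text. A correct config has each section header once.
count_sections() {
    printf '%s\n' "$2" | grep -c "^\[$1\]$"
}
```

Running `fixed_req_config "$DN1" "$DN2" | count_sections req` style checks on both forms shows the difference: the buggy form reports two `[req]` headers, the fixed form one, with the DN lines following the single `[dn]` header.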
[openssl-commits] [openssl] master update
The branch master has been updated via 501d53c60091fdc8ed6ab1aa5ad96a71425d8dfd (commit) from 3470795171b8aecd4dbc86061600093b86b23c0e (commit) - Log - commit 501d53c60091fdc8ed6ab1aa5ad96a71425d8dfd Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Jun 5 11:13:34 2016 -0400 Silence misleading test_abort stderr output Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: test/recipes/01-test_abort.t | 1 + 1 file changed, 1 insertion(+) diff --git a/test/recipes/01-test_abort.t b/test/recipes/01-test_abort.t index 2f121e2..a6a7f31 100644 --- a/test/recipes/01-test_abort.t +++ b/test/recipes/01-test_abort.t @@ -13,4 +13,5 @@ setup("test_abort"); plan tests => 1; +open STDERR, ">", "/dev/null"; is(run(test(["aborttest"])), 0, "Testing that abort is caught correctly"); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
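Review bot: `open STDERR, ">", "/dev/null";` is unchecked and not portable: on a platform without /dev/null the open fails, Perl has already closed the previous STDERR, and nothing reports the failure. Prefer `open STDERR, ">", File::Spec->devnull() or die "...";`, or redirect only around the `run(test(["aborttest"]))` call so that any other diagnostics from this script still reach the terminal.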
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 5553a12735e11bc9aa28727afe721e7236788aab (commit) via 96747f0f4e43863a1ec446a95463c2fca9b6ae82 (commit) from 2e648db2469ea94d54fa51e3af7ac54663b94966 (commit) - Log - commit 5553a12735e11bc9aa28727afe721e7236788aab Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue May 17 18:25:40 2016 -0400 Ensure verify error is set when X509_verify_cert() fails Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Similarly for issuer lookup failures and caller errors (bad parameters or invalid state). Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Add new and some missing error codes to X509 error -> SSL alert switch. Reviewed-by: Tim Hudson <t...@openssl.org> commit 96747f0f4e43863a1ec446a95463c2fca9b6ae82 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon May 16 21:38:03 2016 -0400 Clarify negative return from X509_verify_cert() Reviewed-by: Tim Hudson <t...@openssl.org> --- Summary of changes: crypto/x509/x509_txt.c | 5 + crypto/x509/x509_vfy.c | 39 ++- crypto/x509/x509_vfy.h | 7 +-- crypto/x509v3/v3_addr.c | 6 ++ doc/crypto/X509_verify_cert.pod | 13 +++-- ssl/s3_both.c | 6 ++ 6 files changed, 63 insertions(+), 13 deletions(-) diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 3d46d3f..4475715 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -204,6 +204,11 @@ const char *X509_verify_cert_error_string(long n) case X509_V_ERR_IP_ADDRESS_MISMATCH: return ("IP address mismatch"); +case X509_V_ERR_INVALID_CALL: +return ("Invalid certificate verification context"); +case X509_V_ERR_STORE_LOOKUP: +return ("Issuer certificate lookup error"); + default: BIO_snprintf(buf, sizeof buf, "error number %ld", n); return (buf); 
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4d34dba..f3fe255 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -199,6 +199,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->cert == NULL) { X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); +ctx->error = X509_V_ERR_INVALID_CALL; return -1; } if (ctx->chain != NULL) { @@ -207,6 +208,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * cannot do another one. */ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +ctx->error = X509_V_ERR_INVALID_CALL; return -1; } @@ -219,6 +221,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (((ctx->chain = sk_X509_new_null()) == NULL) || (!sk_X509_push(ctx->chain, ctx->cert))) { X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); +ctx->error = X509_V_ERR_OUT_OF_MEM; ok = -1; goto err; } @@ -229,6 +232,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); +ctx->error = X509_V_ERR_OUT_OF_MEM; ok = -1; goto err; } @@ -253,8 +257,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx) */ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { ok = ctx->get_issuer(, ctx, x); -if (ok < 0) +if (ok < 0) { +ctx->error = X509_V_ERR_STORE_LOOKUP; goto err; +} /* * If successful for now free up cert so it will be picked up * again later. @@ -271,6 +277,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (xtmp != NULL) { if (!sk_X509_push(ctx->chain, xtmp)) { X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); +ctx->error = X509_V_ERR_OUT_OF_MEM; ok = -1; goto err; } @@ -352,14 +359,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx) break; ok = ctx->get_issuer(, ctx, x); -if (ok < 0) +if (ok < 0) { +ctx->error = X509_V_ERR_STORE_LOOKUP; goto err; +
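Review bot: the sequence `X509err(...); ctx->error = X509_V_ERR_OUT_OF_MEM; ok = -1; goto err;` is now repeated at three allocation sites in this hunk (the chain sk_X509_new_null()/sk_X509_push(), the sk_X509_dup() of untrusted, and the sk_X509_push() of xtmp), and both `ctx->get_issuer()` sites get `ctx->error = X509_V_ERR_STORE_LOOKUP; goto err;`. Since the purpose of the change is that no failure path leaves ctx->error at X509_V_OK, a single `memerr:` label, or the X509_V_ERR_UNSPECIFIED fallback at `err:` that the commit message describes, would make it harder for a future site to miss the assignment; please confirm that fallback is present in the part of the diff not shown here.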
[openssl-commits] [openssl] master update
The branch master has been updated via e64b5557814e2c9eb1aca111936cb8ac151dfceb (commit) from f75b34c8c81d7277fa002120d4c8dc36c39d1ff5 (commit) - Log - commit e64b5557814e2c9eb1aca111936cb8ac151dfceb Author: Ben LaurieDate: Wed May 18 17:20:07 2016 +0100 ok was uninitialised on failure. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov --- Summary of changes: crypto/objects/obj_dat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 820c275..3b836fe 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -680,7 +680,7 @@ int OBJ_create_objects(BIO *in) int OBJ_create(const char *oid, const char *sn, const char *ln) { ASN1_OBJECT *tmpoid = NULL; -int ok; +int ok = 0; /* Check to see if short or long name already present */ if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
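Review bot: `int ok = 0;` fixes the uninitialised read named in the subject, but it also makes 0 the function's failure value by default; a comment at the declaration, or an explicit `ok = 0` on the failure path such as the "short or long name already present" check that follows, would document that returning 0 there is intentional rather than whatever the default happened to be.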
[openssl-commits] [openssl] master update
The branch master has been updated via f75b34c8c81d7277fa002120d4c8dc36c39d1ff5 (commit) from a5a3722bc185b2b183dcaafaf17b3d07a5fa (commit) - Log - commit f75b34c8c81d7277fa002120d4c8dc36c39d1ff5 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri May 13 00:36:56 2016 -0400 When strict SCT fails record verification failure Since with SSL_VERIFY_NONE, the connection may continue and the session may even be cached, we should save some evidence that the chain was not sufficiently verified and would have been rejected with SSL_VERIFY_PEER. To that end when a CT callback returs failure we set the verify result to X509_V_ERR_NO_VALID_SCTS. Note: We only run the CT callback in the first place if the verify result is still X509_V_OK prior to start of the callback. RT #4502 Reviewed-by: Tim Hudson <t...@openssl.org> --- Summary of changes: crypto/x509/x509_txt.c | 2 ++ doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 31 +- include/openssl/x509_vfy.h | 3 ++- ssl/ssl_lib.c | 17 ++ 4 files changed, 41 insertions(+), 12 deletions(-) diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 5341e79..ae54de1 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -165,6 +165,8 @@ const char *X509_verify_cert_error_string(long n) return ("Invalid certificate verification context"); case X509_V_ERR_STORE_LOOKUP: return ("Issuer certificate lookup error"); +case X509_V_ERR_NO_VALID_SCTS: +return ("Certificate Transparency required, but no valid SCTs found"); default: /* Printing an error number into a static buffer is not thread-safe */ diff --git a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod index ec51c75..bcd68d3 100644 --- a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod +++ b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod 
@@ -33,21 +33,29 @@ The behaviour of the callback is determined by the B argument, which can be either of B or B as described below. +If B is equal to B, then in a full +TLS handshake with the verification mode set to B, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is B, the handshake will continue +despite lack of valid SCTs. +However, in that case if the verification status before the built-in callback +was B it will be set to B after the +callback. +Applications can call L<SSL_get_verify_result(3)> to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See L<SSL_set_verify(3)>, <SSL_get_verify_result(3)>, L<SSL_session_reused(3)>. + If B is equal to B, then the -handshake continues regardless of the validation status of any SCTs. -The application can inspect the validation status of the SCTs at handshake -completion. +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. Note that with session resumption there will not be any SCTs presented during the handshake. Therefore, in applications that delay SCT policy enforcement until after -handshake completion, SCT checks should only be performed when the session is -not reused. -See L<SSL_session_reused(3)>. - -If B is equal to B, then in a full -TLS handshake with the verification mode set to B, if the peer -presents no valid SCTs the handshake will be aborted. -See L<SSL_set_verify(3)>. +handshake completion, such delayed SCT checks should only be performed when the +session is not resumed. SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback() register a custom callback that may implement a different policy than either of 
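Review bot: in "See L<SSL_set_verify(3)>, <SSL_get_verify_result(3)>, L<SSL_session_reused(3)>." the middle link has lost its `L`; `<SSL_get_verify_result(3)>` is not POD link markup and will render as literal angle brackets, whereas the sentence just before it writes L<SSL_get_verify_result(3)> correctly. Minor wording: "despite lack of valid SCTs" reads better as "despite the lack of valid SCTs".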
@@ -112,6 +120,7 @@ callback) is set. =head1 SEE ALSO L<ssl(3)>, +<SSL_get_verify_result(3)>, L<SSL_session_reused(3)>, L<SSL_set_verify(3)>, L<SSL_CTX_set_verify(3)>, diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 44f1f16..3adfaa3 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -158,11 +158,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_EE_KEY_TOO_SMALL 66 # define X509_V_ERR_CA_KEY_TOO_SMALL 67 # define X509_V_ERR_CA_MD_TOO_WEAK 68 - /* Caller error */ # define X509_V_ERR_INVALID_CALL 69 /* Issuer looku
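Review bot: the SEE ALSO hunk has the same POD link defect, `+<SSL_get_verify_result(3)>,` lacks the `L` prefix that every neighbouring entry carries; make it `L<SSL_get_verify_result(3)>,`. The x509_vfy.h hunk is cut off in this mail after the removal of the blank line before `/* Caller error */`, so the actual definition of X509_V_ERR_NO_VALID_SCTS that x509_txt.c now references is not visible here; the summary's "3 ++-" suggests it is a single new #define, but the number chosen should be checked against the values already allocated in that header.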
[openssl-commits] [openssl] master update
The branch master has been updated via a5a3722bc185b2b183dcaafaf17b3d07a5fa (commit) via 67787844f11fd7614bb26452fda1a1de3ed005ef (commit) from 276fa9bda99d12666441277afa39f81ae374437d (commit) - Log - commit a5a3722bc185b2b183dcaafaf17b3d07a5fa Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Apr 24 19:50:45 2016 -0400 make update Reviewed-by: Dr. Stephen Henson <st...@openssl.org> commit 67787844f11fd7614bb26452fda1a1de3ed005ef Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Apr 24 19:48:50 2016 -0400 Improve and document low-level PEM read routines PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and PEM_do_header(). Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: crypto/pem/pem_err.c| 9 +-- crypto/pem/pem_lib.c| 157 ++-- doc/crypto/pem_read.pod | 90 +++ include/openssl/pem.h | 3 + 4 files changed, 196 insertions(+), 63 deletions(-) create mode 100644 doc/crypto/pem_read.pod diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c index 0d3c3e6..2282e06 100644 --- a/crypto/pem/pem_err.c +++ b/crypto/pem/pem_err.c 
@@ -82,23 +82,24 @@ static ERR_STRING_DATA PEM_str_reasons[] = { "error converting private key"}, {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB), "expecting private key blob"}, -{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), - "expecting public key blob"}, +{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "expecting public key blob"}, +{ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"}, {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"}, {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), "keyblob header parse error"}, {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, +{ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"}, {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"}, {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"}, {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"}, {ERR_REASON(PEM_R_NO_START_LINE), "no start line"}, -{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), - "problems getting password"}, +{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), "problems getting password"}, {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"}, {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"}, {ERR_REASON(PEM_R_READ_KEY), "read key"}, {ERR_REASON(PEM_R_SHORT_HEADER), "short header"}, +{ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"}, {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 5686554..42b46dc 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -9,6 +9,7 @@ #include #include +#include #include "internal/cryptlib.h" #include #include 
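Review bot: the three new reason codes in pem_err.c (PEM_R_HEADER_TOO_LONG, PEM_R_MISSING_DEK_IV, PEM_R_UNEXPECTED_DEK_IV) introduce caller-visible failure modes; from the names alone, presumably a DEK-Info line without an IV for a cipher that needs one, and an IV supplied for a cipher that takes none. The new doc/crypto/pem_read.pod listed in the summary is the right place to spell these out, since applications that parse the error queue to decide whether to re-prompt for a passphrase need to distinguish them from PEM_R_BAD_PASSWORD_READ. The re-flowed lines in this file are mechanical output of `make update` (the companion commit) and need no review.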
@@ -389,115 +390,153 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, pem_password_cb *callback, void *u) { -int i = 0, j, o, klen; -long len; +int ok; +int keylen; +long len = *plen; +int ilen = (int) len; /* EVP_DecryptUpdate etc. take int lengths */ EVP_CIPHER_CTX *ctx; unsigned char key[EVP_MAX_KEY_LENGTH]; char buf[PEM_BUFSIZE]; -len = *plen; +#if LONG_MAX > INT_MAX +/* Check that we did not truncate the length */ +if (len > INT_MAX) { +PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG); +return 0; +} +#endif if (cipher->cipher == NULL) -return (1); +return 1; if (callback == NULL) -klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); +keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else -klen = callback(buf, PEM_BUFSIZE, 0, u); -if (klen <= 0) { +keylen = callback(buf, PEM_BUFSIZE, 0, u); +if (keylen <= 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); -return (0); +return 0; } #ifdef CHARSET_EBCDIC /* Convert the pass phrase from EBCDIC */ -ebcdic2ascii(buf, buf, klen); +ebcdic2ascii(buf, buf, keylen); #endif if (!EVP_BytesToKey(cipher->cipher, EVP_m
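Review bot: `int ilen = (int) len;` is evaluated before the `len > INT_MAX` guard, so the truncating cast happens first and the guard only prevents the truncated value from being used; that is correct as written, but moving the assignment below the `#if LONG_MAX > INT_MAX` block would make it self-evident that `ilen` can never hold a truncated length. The guard also relies on INT_MAX and LONG_MAX being in scope, which is presumably what the new `#include` at the top of pem_lib.c in the previous hunk provides (its name has been lost in this copy of the mail). The hunk is cut off before the point where the original code cleanses `buf` and `key`; please make sure the rewritten tail keeps that, since the pass phrase returned by `callback` otherwise remains on the stack after return.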
[openssl-commits] [openssl] master update
The branch master has been updated via f3e235ed6faa82170d857fdec3287558eb906c58 (commit) via 5fba3912cc770bb035accb390653bda1a795f39e (commit) from 872759053b3990dac362c1fa561fc127e1de5924 (commit) - Log - commit f3e235ed6faa82170d857fdec3287558eb906c58 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue May 17 13:40:57 2016 -0400 Ensure verify error is set when X509_verify_cert() fails Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Reviewed-by: Richard Levitte <levi...@openssl.org> commit 5fba3912cc770bb035accb390653bda1a795f39e Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon May 16 21:38:03 2016 -0400 Clarify negative return from X509_verify_cert() Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/x509/x509_txt.c | 4 crypto/x509/x509_vfy.c | 47 + crypto/x509v3/v3_addr.c | 6 ++ doc/crypto/X509_verify_cert.pod | 13 ++-- include/openssl/x509_vfy.h | 5 + ssl/statem/statem_lib.c | 10 + 6 files changed, 70 insertions(+), 15 deletions(-) diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 293efcf..5341e79 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -161,6 +161,10 @@ const char *X509_verify_cert_error_string(long n) return ("CA certificate key too weak"); case X509_V_ERR_CA_MD_TOO_WEAK: return ("CA signature digest algorithm too weak"); +case X509_V_ERR_INVALID_CALL: +return ("Invalid certificate verification context"); +case X509_V_ERR_STORE_LOOKUP: +return ("Issuer certificate lookup error"); default: /* Printing an error number into a static buffer is not thread-safe */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 866aa39..a5e7789 100644 
--- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -251,9 +251,11 @@ static int verify_chain(X509_STORE_CTX *ctx) int X509_verify_cert(X509_STORE_CTX *ctx) { SSL_DANE *dane = ctx->dane; +int ret; if (ctx->cert == NULL) { X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); +ctx->error = X509_V_ERR_INVALID_CALL; return -1; } @@ -263,6 +265,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * cannot do another one. */ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +ctx->error = X509_V_ERR_INVALID_CALL; return -1; } @@ -273,6 +276,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (((ctx->chain = sk_X509_new_null()) == NULL) || (!sk_X509_push(ctx->chain, ctx->cert))) { X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); +ctx->error = X509_V_ERR_OUT_OF_MEM; return -1; } X509_up_ref(ctx->cert); @@ -283,15 +287,19 @@ int X509_verify_cert(X509_STORE_CTX *ctx) !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL)) return 0; +if (DANETLS_ENABLED(dane)) +ret = dane_verify(ctx); +else +ret = verify_chain(ctx); + /* - * If dane->trecs is an empty stack, we'll fail, since the user enabled - * DANE. If none of the TLSA records were usable, and it makes sense to - * keep going with an unauthenticated handshake, they can handle that in - * the verify callback, or not set SSL_VERIFY_PEER. + * Safety-net. If we are returning an error, we must also set ctx->error, + * so that the chain is not considered verified should the error be ignored + * (e.g. TLS with SSL_VERIFY_NONE). */ -if (DANETLS_ENABLED(dane)) -return dane_verify(ctx); -return verify_chain(ctx); +if (ret <= 0 && ctx->error == X509_V_OK) +ctx->error = X509_V_ERR_UNSPECIFIED; +return ret; } /* 
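Review bot: the safety-net `if (ret <= 0 && ctx->error == X509_V_OK) ctx->error = X509_V_ERR_UNSPECIFIED;` sits after the dane_verify()/verify_chain() call, so it does not cover the earlier returns in this function; the two `return -1` paths now set X509_V_ERR_INVALID_CALL explicitly and the malloc path sets X509_V_ERR_OUT_OF_MEM, and the `return 0` for X509_V_ERR_EE_KEY_TOO_SMALL is only safe if verify_cb_cert() records the error before invoking the callback. A one-line comment above the function stating that every early return must set ctx->error would stop the next edit from reintroducing the bug this commit fixes. Also, the deleted comment about an empty `dane->trecs` stack described caller-visible behaviour (what happens when no TLSA record is usable and the application wants to continue unauthenticated); rather than dropping it, move that text to the SSL_dane_tlsa_add() documentation.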
@@ -562,8 +570,16 @@ static int check_name_constraints(X509_STORE_CTX *ctx) if (nc) { int rv = NAME_CONSTRAINTS_check(x, nc); -if (rv != X509_V_OK && !verify_cb_cert(ctx, x, i, rv)) +switch (rv) { +case X509_V_OK: +break; +case X509_V_ERR_OUT_OF_MEM: return 0; +default: +if (!verify_cb_cert(ctx, x,
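Review bot: in the new switch, `case X509_V_ERR_OUT_OF_MEM: return 0;` returns without recording the reason, so the safety-net in X509_verify_cert() will report X509_V_ERR_UNSPECIFIED rather than the out-of-memory code this very commit is trying to propagate; set `ctx->error = rv;` (or `ctx->error = X509_V_ERR_OUT_OF_MEM;`) immediately before that `return 0;`. The shape of the switch is otherwise right: an allocation failure inside NAME_CONSTRAINTS_check() must not be offered to the verify callback as something it may choose to ignore.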
[openssl-commits] [openssl] master update
The branch master has been updated via 5c4328f04f63bc288d4e069e1453ab18b0309f16 (commit) from b160f2823fb3bafdf8728ea251aab0d07888b934 (commit) - Log - commit 5c4328f04f63bc288d4e069e1453ab18b0309f16 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun May 15 13:02:17 2016 -0400 Fold threads.h into crypto.h making API public Document thread-safe lock creation Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/async/async.c | 1 - crypto/bio/b_addr.c| 2 +- crypto/bn/bn_blind.c | 1 - crypto/engine/eng_int.h| 1 - crypto/err/err.c | 1 - crypto/err/err_prn.c | 1 - crypto/ex_data.c | 1 - crypto/init.c | 1 - crypto/mem_dbg.c | 1 - crypto/mem_sec.c | 1 - crypto/rand/md_rand.c | 1 - crypto/threads_none.c | 1 - crypto/threads_pthread.c | 1 - crypto/threads_win.c | 1 - crypto/x509/by_dir.c | 1 - doc/crypto/threads.pod | 61 +- include/internal/threads.h | 92 -- include/openssl/crypto.h | 38 +++ ssl/ssl_cert.c | 2 +- ssl/ssl_ciph.c | 2 +- ssl/ssl_init.c | 1 - test/ssltest_old.c | 1 - test/threadstest.c | 1 - util/mkdef.pl | 1 - 24 files changed, 101 insertions(+), 114 deletions(-) delete mode 100644 include/internal/threads.h diff --git a/crypto/async/async.c b/crypto/async/async.c index b4ba561..719379e 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -61,7 +61,6 @@ /* This must be the first #include file */ #include "async_locl.h" -#include #include #include #include diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 1813f5a..356ab11 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -55,7 +55,7 @@ #include #include "bio_lcl.h" -#include "internal/threads.h" +#include #ifndef OPENSSL_NO_SOCK #include diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 81b895c..fcc4db5 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -110,7 +110,6 @@ #include #include "internal/cryptlib.h" -#include "internal/threads.h" #include "bn_lcl.h" #define BN_BLINDING_COUNTER 32 
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index b175295..36bc933 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -65,7 +65,6 @@ # define HEADER_ENGINE_INT_H # include "internal/cryptlib.h" -# include "internal/threads.h" # include #ifdef __cplusplus diff --git a/crypto/err/err.c b/crypto/err/err.c index fd2ea81..f1a80c0 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -112,7 +112,6 @@ #include #include #include -#include #include #include #include diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 0f7d40c..1cbec54 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -57,7 +57,6 @@ #include #include "internal/cryptlib.h" -#include "internal/threads.h" #include #include #include diff --git a/crypto/ex_data.c b/crypto/ex_data.c index ca1c204..2570736 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -109,7 +109,6 @@ */ #include "internal/cryptlib_int.h" -#include "internal/threads.h" #include /* diff --git a/crypto/init.c b/crypto/init.c index 938bf78..90ab6df 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -55,7 +55,6 @@ * */ -#include #include #include #include diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 2b8cf73..0df050d 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -112,7 +112,6 @@ #include #include #include "internal/cryptlib.h" -#include "internal/threads.h" #include #include #include "internal/bio.h" diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index d61d945..31fcee6 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -25,7 +25,6 @@ # include # include # include -# include "internal/threads.h" #endif #define CLEAR(p, s) OPENSSL_cleanse(p, s) diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index e9574b0..74beda8 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -125,7 +125,6 @@ #include #include #include "rand_lcl.h" -#include "internal/threads.h" #include 
diff --git a/crypto/threads_none.c b/crypto/threads_none.c index 4e3b7a5..bd92b82 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -48,7 +48,6 @@ */ #include -#include "internal/threads.h" #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
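Review bot: several hunks (crypto/async/async.c, crypto/err/err.c, crypto/init.c, crypto/ex_data.c and others) delete the threads include without adding a replacement, whereas crypto/bio/b_addr.c swaps `"internal/threads.h"` for a public header; since include/internal/threads.h is deleted by this commit, please confirm that each file in the former group still sees the CRYPTO_THREAD_* declarations through a header it already includes (e.g. internal/cryptlib.h pulling in <openssl/crypto.h>), otherwise the build will break only in configurations where that indirect include differs. The substantive part of the change, the new public declarations in include/openssl/crypto.h and the lock-creation text in doc/crypto/threads.pod, is listed in the summary but not shown in this mail, so the API surface being made public cannot be reviewed from here.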
[openssl-commits] [openssl] master update
The branch master has been updated via 7ad5fb6267e9da1634998bf2eccaa753f443fa83 (commit) from f2b9c257216a27b568b3d5d703ca5bdd926c5c28 (commit) - Log - commit 7ad5fb6267e9da1634998bf2eccaa753f443fa83 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed May 11 18:01:41 2016 -0400 Fix TLSProxy race by adding missing eval Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: util/TLSProxy/Proxy.pm | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index aafd902..950fd90 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -226,12 +226,14 @@ sub clientstart do { my $servaddr = $self->server_addr; $servaddr =~ s/[\[\]]//g; # Remove [ and ] -$server_sock = $IP_factory->( -PeerAddr => $servaddr, -PeerPort => $self->server_port, -MultiHomed => 1, -Proto => 'tcp' -); +eval { +$server_sock = $IP_factory->( +PeerAddr => $servaddr, +PeerPort => $self->server_port, +MultiHomed => 1, +Proto => 'tcp' +); +}; $retry--; if ($@ || !defined($server_sock)) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
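Review bot: the eval now stops a constructor exception in `$IP_factory->(...)` from killing the proxy during the retry loop, but the retry branch `if ($@ || !defined($server_sock))` discards the message, so when all retries are exhausted the test fails without saying why the connect was refused; capture `$@` (and `$!` when `$server_sock` is undefined) into the diagnostic printed on final failure. Note also that `$server_sock` keeps whatever value it had before a failed iteration, which is harmless here only because it starts out undefined.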
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 36c37944909496a123e2656ad1f651769a7cc72f (commit) from 74d6762543335641e4155fd84deaba67cd0105e4 (commit) - Log - commit 36c37944909496a123e2656ad1f651769a7cc72f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon May 2 15:00:21 2016 -0400 Fix i2d_X509_AUX and update docs When *pp is NULL, don't write garbage, return an unexpected pointer or leak memory on error. Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: crypto/asn1/x_x509.c| 54 +++-- doc/crypto/d2i_X509.pod | 14 - 2 files changed, 65 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index e31e1e7..aada4a8 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -199,12 +199,26 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) return NULL; } -int i2d_X509_AUX(X509 *a, unsigned char **pp) +/* + * Serialize trusted certificate to *pp or just return the required buffer + * length if pp == NULL. We ultimately want to avoid modifying *pp in the + * error path, but that depends on similar hygiene in lower-level functions. + * Here we avoid compounding the problem. + */ +static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) { int length, tmplen; unsigned char *start = pp != NULL ? *pp : NULL; + +OPENSSL_assert(pp == NULL || *pp != NULL); + +/* + * This might perturb *pp on error, but fixing that belongs in i2d_X509() + * not here. It should be that if a == NULL length is zero, but we check + * both just in case. + */ length = i2d_X509(a, pp); -if (length < 0 || a == NULL) +if (length <= 0 || a == NULL) return length; tmplen = i2d_X509_CERT_AUX(a->aux, pp); 
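Review bot: `OPENSSL_assert(pp == NULL || *pp != NULL)` aborts the whole process on what is a programming error inside a static helper whose only caller, the new i2d_X509_AUX() wrapper in the next hunk, already guarantees the invariant; on a stable branch a plain `return -1` is the safer failure mode for a library. The change from `length < 0` to `length <= 0` is right given the comment: a zero-length result from i2d_X509() must not be followed by an attempt to append the AUX data.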
@@ -218,6 +232,42 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp) return length; } +/* + * Serialize trusted certificate to *pp, or just return the required buffer + * length if pp == NULL. + * + * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since + * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do + * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the + * allocated buffer. + */ +int i2d_X509_AUX(X509 *a, unsigned char **pp) +{ +int length; +unsigned char *tmp; + +/* Buffer provided by caller */ +if (pp == NULL || *pp != NULL) +return i2d_x509_aux_internal(a, pp); + +/* Obtain the combined length */ +if ((length = i2d_x509_aux_internal(a, NULL)) <= 0) +return length; + +/* Allocate requisite combined storage */ +*pp = tmp = OPENSSL_malloc(length); +if (tmp == NULL) +return -1; /* Push error onto error stack? */ + +/* Encode, but keep *pp at the originally malloced pointer */ +length = i2d_x509_aux_internal(a, ); +if (length <= 0) { +OPENSSL_free(*pp); +*pp = NULL; +} +return length; +} + int i2d_re_X509_tbs(X509 *x, unsigned char **pp) { x->cert_info->enc.modified = 1; diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 5b7c16f..2743bc7 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -9,8 +9,10 @@ i2d_X509_fp - X509 encode and decode functions #include - X509 *d2i_X509(X509 **px, const unsigned char **in, int len); + X509 *d2i_X509(X509 **px, const unsigned char **in, long len); + X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); int i2d_X509(X509 *x, unsigned char **out); + int i2d_X509_AUX(X509 *x, unsigned char **out); X509 *d2i_X509_bio(BIO *bp, X509 **x); X509 *d2i_X509_fp(FILE *fp, X509 **x); 
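Review bot: `return -1; /* Push error onto error stack? */` leaves a question in the code; the answer should be yes, otherwise a caller sees -1 with an empty error queue, which the updated d2i_X509.pod does not explain (this needs a function code for i2d_X509_AUX in the x509 error tables if none exists yet). Separately, the second i2d_x509_aux_internal() call, the one that encodes into the freshly allocated buffer, writes into storage sized by the first call; the two passes are expected to agree, but a mismatch would overrun the allocation, so checking that the returned length equals the one computed earlier is cheap insurance.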
@@ -37,6 +39,11 @@ below, and the discussion in the RETURN VALUES section). If the call is successful B<*in> is incremented to the byte following the parsed data. +d2i_X509_AUX() is similar to d2i_X509() but the input is expected to consist of +an X509 certificate followed by auxiliary trust information. +This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. +This function should not be called on untrusted input. + i2d_X509() encodes the structure pointed to by B into DER format. If B is not B is writes the DER encoded data to the buffer at B<*out>, and increments it to point after the data just written. @@ -48,6 +55,11 @@ allocated for a buffer and the encoded data written to it. In this case B<*out> is not incremented and it points to the start of the data just written. +i2d_X509_AUX() is similar to i2d_X509(), but the encoded output contains both +the certificate and any auxiliary trust information. +This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. +Note, this is a
[openssl-commits] [openssl] master update
The branch master has been updated via fde2257f055f187e8e78542ea6d64ad6c206d10b (commit) from 9b5164ce7788d6985b005e410bb7b53bd553c99e (commit) - Log - commit fde2257f055f187e8e78542ea6d64ad6c206d10b Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon May 2 14:46:51 2016 -0400 Fix i2d_X509_AUX, update docs and add tests When *pp is NULL, don't write garbage, return an unexpected pointer or leak memory on error. Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: crypto/x509/x_x509.c | 54 - doc/crypto/d2i_X509.pod| 14 +- test/build.info| 6 +- test/danetest.c| 5 +- test/recipes/{80-test_dane.t => 80-test_x509aux.t} | 11 +- test/x509aux.c | 226 + 6 files changed, 305 insertions(+), 11 deletions(-) copy test/recipes/{80-test_dane.t => 80-test_x509aux.t} (65%) create mode 100644 test/x509aux.c diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 043ab07..3eba360 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -181,12 +181,26 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) return NULL; } -int i2d_X509_AUX(X509 *a, unsigned char **pp) +/* + * Serialize trusted certificate to *pp or just return the required buffer + * length if pp == NULL. We ultimately want to avoid modifying *pp in the + * error path, but that depends on similar hygiene in lower-level functions. + * Here we avoid compounding the problem. + */ +static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) { int length, tmplen; unsigned char *start = pp != NULL ? *pp : NULL; + +OPENSSL_assert(pp == NULL || *pp != NULL); + +/* + * This might perturb *pp on error, but fixing that belongs in i2d_X509() + * not here. It should be that if a == NULL length is zero, but we check + * both just in case. + */ length = i2d_X509(a, pp); -if (length < 0 || a == NULL) +if (length <= 0 || a == NULL) return length; tmplen = i2d_X509_CERT_AUX(a->aux, pp); 
@@ -200,6 +214,42 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp) return length; } +/* + * Serialize trusted certificate to *pp, or just return the required buffer + * length if pp == NULL. + * + * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since + * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do + * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the + * allocated buffer. + */ +int i2d_X509_AUX(X509 *a, unsigned char **pp) +{ +int length; +unsigned char *tmp; + +/* Buffer provided by caller */ +if (pp == NULL || *pp != NULL) +return i2d_x509_aux_internal(a, pp); + +/* Obtain the combined length */ +if ((length = i2d_x509_aux_internal(a, NULL)) <= 0) +return length; + +/* Allocate requisite combined storage */ +*pp = tmp = OPENSSL_malloc(length); +if (tmp == NULL) +return -1; /* Push error onto error stack? */ + +/* Encode, but keep *pp at the originally malloced pointer */ +length = i2d_x509_aux_internal(a, ); +if (length <= 0) { +OPENSSL_free(*pp); +*pp = NULL; +} +return length; +} + int i2d_re_X509_tbs(X509 *x, unsigned char **pp) { x->cert_info.enc.modified = 1; diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 3cd2509..14b84f2 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -9,8 +9,10 @@ i2d_X509_fp - X509 encode and decode functions #include - X509 *d2i_X509(X509 **px, const unsigned char **in, int len); + X509 *d2i_X509(X509 **px, const unsigned char **in, long len); + X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); int i2d_X509(X509 *x, unsigned char **out); + int i2d_X509_AUX(X509 *x, unsigned char **out); X509 *d2i_X509_bio(BIO *bp, X509 **x); X509 *d2i_X509_fp(FILE *fp, X509 **x); 
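Review bot: same remark as on the 1.0.2 backport applies here: the `return -1; /* Push error onto error stack? */` line should push ERR_R_MALLOC_FAILURE rather than ask, and the second encoding pass into the freshly allocated buffer deserves a check that it returned the same length as the sizing pass, since a mismatch is a heap overrun. On master this commit also adds test/x509aux.c and a recipe copied from 80-test_dane.t; make sure the test exercises all three calling conventions the wrapper distinguishes (`pp == NULL` for sizing, `*pp == NULL` for allocation, and a caller-supplied buffer), as the bug being fixed lived only in the allocation path.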
@@ -37,6 +39,11 @@ below, and the discussion in the RETURN VALUES section). If the call is successful B<*in> is incremented to the byte following the parsed data. +d2i_X509_AUX() is similar to d2i_X509() but the input is expected to consist of +an X509 certificate followed by auxiliary trust information. +This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. +This function should not be called on untrusted input. + i2d_X509() encodes the structure pointed to by B into DER format. If B is not B is writes the DER encoded data to the buffer at B<*out>, and increments it to point after the data just written. @@ -48,6 +55,11 @@ allocated for a buffer
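Review bot: the new sentence "This function should not be called on untrusted input." is correct but gives no reason; one clause explaining that the auxiliary data carries trust and reject settings that X509 verification honours, so an attacker-controlled blob could mark a certificate as trusted for any purpose, would make the warning far more likely to be heeded. The synopsis fix from `int len` to `long len` for d2i_X509() is a documentation-only correction of a long-standing mismatch with the header and is welcome.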
[openssl-commits] [openssl] master update
The branch master has been updated via 7b7eb4725ead9440e5f68c999e0792098ea82239 (commit) from fb015ca6f05e09b11a3932f89d25bae697c8af1e (commit) - Log - commit 7b7eb4725ead9440e5f68c999e0792098ea82239 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Apr 29 16:36:32 2016 -0400 Drop duplicate ctx->verify_cb assignment The right variant is ~18 lines below. Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: crypto/x509/x509_vfy.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 2b17b29..6fc08c4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2171,11 +2171,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, /* Zero ex_data to make sure we're cleanup-safe */ memset(>ex_data, 0, sizeof(ctx->ex_data)); -if (store) { -ctx->verify_cb = store->verify_cb; -/* Seems to always be 0 in OpenSSL, else must be idempotent */ +/* store->cleanup is always 0 in OpenSSL, if set must be idempotent */ +if (store) ctx->cleanup = store->cleanup; -} else +else ctx->cleanup = 0; if (store && store->check_issued)
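Review bot: the hunk removes `ctx->verify_cb = store->verify_cb;` on the strength of the commit message saying the right assignment is ~18 lines further down, but that line lies outside the context shown; including it in the diff (or naming it in the new comment) would let a reader of this patch confirm that verify_cb is still initialised whenever `store` is non-NULL. Minor style point: the surviving if/else could collapse to `ctx->cleanup = store ? store->cleanup : 0;`, matching the single-line `store && store->check_issued` test that follows.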
[openssl-commits] [openssl] master update
The branch master has been updated via 4a397f5168d41ef4417f1430f2f5133b92f145b8 (commit) from 69664d6af0cdd7738f55d10fbbe46cdf15f72e0e (commit) - Log - commit 4a397f5168d41ef4417f1430f2f5133b92f145b8 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Apr 27 15:08:33 2016 -0400 Fix set0 reuse test We must test for new object == current object, not !=. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/dh/dh_lib.c | 2 +- crypto/dsa/dsa_lib.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 644508d..9db4576 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -303,7 +303,7 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) * as input parameters. */ if (dh->pub_key == pub_key -|| (dh->priv_key != NULL && priv_key != dh->priv_key)) +|| (dh->priv_key != NULL && priv_key == dh->priv_key)) return 0; if (pub_key != NULL) { diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 383b48b..7b751a9 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -358,7 +358,7 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) * as input parameters. */ if (d->pub_key == pub_key -|| (d->priv_key != NULL && priv_key != d->priv_key)) +|| (d->priv_key != NULL && priv_key == d->priv_key)) return 0; if (pub_key != NULL) {
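Review bot: the inverted comparison is the right fix for the reuse test (the old `!=` rejected every call that did not pass back the very pointer obtained from get0), but note that the first clause `dh->pub_key == pub_key` has no NULL guard, so it also rejects a call with `pub_key == NULL` on a DH whose pub_key is not yet set (NULL == NULL). That is consistent with the comment fragment about the inputs being required when the field is unset, but sitting next to the guarded priv_key clause it reads like an accident; a short comment on that line would prevent a future "fix". The same applies to DSA_set0_key().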
[openssl-commits] [openssl] master update
The branch master has been updated via 69664d6af0cdd7738f55d10fbbe46cdf15f72e0e (commit) from 4c5e6b2cb95a4332829af140e5edba965c9685ce (commit) - Log - commit 69664d6af0cdd7738f55d10fbbe46cdf15f72e0e Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Apr 26 14:17:57 2016 -0400 Future proof build_chain() in x509_vfy.c Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init() is called with a NULL stack of untrusted certificates. Since ssl_verify_cert_chain() always provides a non-NULL stack of untrusted certs, and no other code path enables DANE, the problem can only happen in applications that use SSL_CTX_set_cert_verify_callback() to implement their own wrappers around X509_verify_cert() passing only the leaf certificate to the latter. Regardless of the "improbability" of the problem, we do need to ensure that build_chain() handles this case correctly. Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: crypto/x509/x509_vfy.c | 15 ++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index b895ffe..30eabcb 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -2789,8 +2789,21 @@ static int build_chain(X509_STORE_CTX *ctx) return 0; } -/* Include any untrusted full certificates from DNS */ +/* + * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add + * them to our working copy of the untrusted certificate stack. Since the + * caller of X509_STORE_CTX_init() may have provided only a leaf cert with + * no corresponding stack of untrusted certificates, we may need to create + * an empty stack first. [ At present only the ssl library provides DANE + * support, and ssl_verify_cert_chain() always provides a non-null stack + * containing at least the leaf certificate, but we must be prepared for + * this to change. ] + */ if (DANETLS_ENABLED(dane) && dane->certs != NULL) { +if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) { +X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); +return 0; +} for (i = 0; i < sk_X509_num(dane->certs); ++i) { if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) { sk_X509_free(sktmp);
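Review bot: the empty stack is created only inside the `DANETLS_ENABLED(dane) && dane->certs != NULL` branch, so a caller that passes a NULL untrusted stack without any full-certificate TLSA records still leaves `sktmp` NULL, and everything after this point in build_chain() has to tolerate that; if it already does, say so in the new comment, and if it does not, creating the stack unconditionally gives a simpler invariant than fixing one branch. The push-failure path freeing the freshly created `sktmp` is correct because the stack is a shallow copy either way.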
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via 697283ba418b21c4c0682d7050264b492e2ea4e2 (commit) from 3d411057a5e28530fffc40b257698f453c89aa87 (commit) - Log - commit 697283ba418b21c4c0682d7050264b492e2ea4e2 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Apr 19 22:23:24 2016 -0400 Fix buffer overrun in ASN1_parse(). Backport of commits: 79c7f74d6cefd5d32fa20e69195ad3de834ce065 bdcd660e33710079b495cf5cc6a1aaa5d2dcd317 from master. Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: crypto/asn1/asn1_lib.c | 18 +++--- crypto/asn1/asn1_par.c | 17 + 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 0b61fc9..54b683c 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -63,7 +63,7 @@ #include static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - int max); + long max); static void asn1_put_length(unsigned char **pp, int length); const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; @@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, } *ptag = tag; *pclass = xclass; -if (!asn1_get_length(, , plength, (int)max)) +if (!asn1_get_length(, , plength, max)) goto err; if (inf && !(ret & V_ASN1_CONSTRUCTED)) @@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, } static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - int max) + long max) { const unsigned char *p = *pp; unsigned long ret = 0; -unsigned int i; +unsigned long i; if (max-- < 1) -return (0); +return 0; if (*p == 0x80) { *inf = 1; ret = 0; @@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, *inf = 0; i = *p & 0x7f; if (*(p++) & 0x80) { -if (i > sizeof(long)) +if (i > sizeof(ret) || max < i) return 0; -if (max-- == 0) -return (0); while (i-- > 0) { ret <<= 8L; ret |= *(p++); -if (max-- == 0) -return (0); } } else ret = i; 
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, return 0; *pp = p; *rl = (long)ret; -return (1); +return 1; } /* diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 0ca985a..e85e339 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) goto end; if (j & V_ASN1_CONSTRUCTED) { +const unsigned char *sp; + ep = p + len; if (BIO_write(bp, "\n", 1) <= 0) goto end; @@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; } if ((j == 0x21) && (len == 0)) { +sp = p; for (;;) { r = asn1_parse2(bp, , (long)(tot - p), offset + (p - *pp), depth + 1, @@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ret = 0; goto end; } -if ((r == 2) || (p >= tot)) +if ((r == 2) || (p >= tot)) { +len = p - sp; break; +} } -} else +} else { +long tmp = len; + while (p < ep) { -r = asn1_parse2(bp, , (long)len, -offset + (p - *pp), depth + 1, +sp = p; +r = asn1_parse2(bp, , tmp, offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } +tmp -= p - sp; } +} } else if (xclass != 0) { p += len; if (BIO_write(bp, "\n", 1) <= 0)
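Review bot: in asn1_get_length() the new `if (i > sizeof(ret) || max < i) return 0;` bounds the long-form length bytes against the remaining input (with `max` already decremented for the first byte), which is what closes the read past the buffer described in the commit message, and widening `max` from int to long also removes the `(int)max` truncation in ASN1_get_object() that could make a very large buffer length look small or negative. In asn1_parse2(), the definite-length loop now passes the shrinking `tmp` to the recursive call instead of the parent's full `len`, so a child can no longer be offered bytes beyond its parent; but in the indefinite-length branch `len = p - sp` is assigned on exit while `ep = p + len` was computed earlier with `len == 0` and is not refreshed; confirm nothing after the loop relies on `ep`, or update it at the same point.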
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 2442382e11c022aaab4fdc6975bd15d5a75c4db2 (commit) from f32774087f7b3db1f789688368d16d917757421e (commit) - Log - commit 2442382e11c022aaab4fdc6975bd15d5a75c4db2 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Apr 19 22:23:24 2016 -0400 Fix buffer overrun in ASN1_parse(). Backport of commits: 79c7f74d6cefd5d32fa20e69195ad3de834ce065 bdcd660e33710079b495cf5cc6a1aaa5d2dcd317 from master. Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: crypto/asn1/asn1_lib.c | 18 +++--- crypto/asn1/asn1_par.c | 17 + 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 0b61fc9..54b683c 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -63,7 +63,7 @@ #include static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - int max); + long max); static void asn1_put_length(unsigned char **pp, int length); const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; @@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, } *ptag = tag; *pclass = xclass; -if (!asn1_get_length(, , plength, (int)max)) +if (!asn1_get_length(, , plength, max)) goto err; if (inf && !(ret & V_ASN1_CONSTRUCTED)) @@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, } static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - int max) + long max) { const unsigned char *p = *pp; unsigned long ret = 0; -unsigned int i; +unsigned long i; if (max-- < 1) -return (0); +return 0; if (*p == 0x80) { *inf = 1; ret = 0; @@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, *inf = 0; i = *p & 0x7f; if (*(p++) & 0x80) { -if (i > sizeof(long)) +if (i > sizeof(ret) || max < i) return 0; -if (max-- == 0) -return (0); while (i-- > 0) { ret <<= 8L; ret |= *(p++); -if (max-- == 0) -return (0); } } else ret = i; 
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, return 0; *pp = p; *rl = (long)ret; -return (1); +return 1; } /* diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 0ca985a..e85e339 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) goto end; if (j & V_ASN1_CONSTRUCTED) { +const unsigned char *sp; + ep = p + len; if (BIO_write(bp, "\n", 1) <= 0) goto end; @@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; } if ((j == 0x21) && (len == 0)) { +sp = p; for (;;) { r = asn1_parse2(bp, , (long)(tot - p), offset + (p - *pp), depth + 1, @@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ret = 0; goto end; } -if ((r == 2) || (p >= tot)) +if ((r == 2) || (p >= tot)) { +len = p - sp; break; +} } -} else +} else { +long tmp = len; + while (p < ep) { -r = asn1_parse2(bp, , (long)len, -offset + (p - *pp), depth + 1, +sp = p; +r = asn1_parse2(bp, , tmp, offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } +tmp -= p - sp; } +} } else if (xclass != 0) { p += len; if (BIO_write(bp, "\n", 1) <= 0) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
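Review bot: in asn1_get_length() the new guard `if (i > sizeof(ret) || max < i)` compares the signed `long max` with the `unsigned long i`; this is only safe because the preceding `if (max-- < 1) return 0;` guarantees `max` is non-negative at that point, which deserves a one-line comment so a later reordering does not turn the comparison into a wrap-around. With that guard in place, dropping the per-byte `if (max-- == 0)` checks inside the `while (i-- > 0)` loop is correct, since all `i` length bytes are now known to lie within the remaining `max` bytes. Widening the `max` parameter from `int` to `long` also removes the `(int)max` truncation at the ASN1_get_object() call site.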
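Review bot: in the definite-length `else` branch of asn1_parse2(), the new `long tmp = len;` bookkeeping (`tmp -= p - sp;` after each recursive call) bounds each child parse by the bytes actually remaining in the parent rather than the parent's full `len`, which is the overrun the commit title refers to; in the indefinite-length branch the `len = p - sp;` assignment after the loop records the consumed length for the same reason. Suggest a short comment at `const unsigned char *sp;` noting that `sp` marks the start of each child element for this accounting, since the variable is shared by both branches.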
[openssl-commits] [openssl] master update
The branch master has been updated via e2ab7fb343b28fba997cdf4a26bb616c26783c38 (commit) via 9f6b22b814a306677f6d5a829cf7fd62005ecdc2 (commit) from ee85fc1dd67faebdeecb8fe8834facaee0566324 (commit) - Log - commit e2ab7fb343b28fba997cdf4a26bb616c26783c38 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Apr 21 20:06:49 2016 -0400 make update Reviewed-by: Rich Salz <rs...@openssl.org> commit 9f6b22b814a306677f6d5a829cf7fd62005ecdc2 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Apr 21 20:00:58 2016 -0400 Enabled DANE only when at least one TLSA RR was added It is up to the caller of SSL_dane_tlsa_add() to take appropriate action when no records are added successfully or adding some records triggers an internal error (negative return value). With this change the caller can continue with PKIX if desired when none of the TLSA records are usable, or take some appropriate action if DANE is required. Also fixed the internal ssl_dane_dup() function to properly initialize the TLSA RR stack in the target SSL handle. Errors in ssl_dane_dup() are no longer ignored. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/ssl/SSL_CTX_dane_enable.pod | 56 -- include/internal/dane.h | 3 ++- include/openssl/ssl.h | 1 + ssl/ssl_err.c | 60 ++--- ssl/ssl_lib.c | 16 +-- 5 files changed, 67 insertions(+), 69 deletions(-) diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod index 8463a3d..d6d447d 100644 --- a/doc/ssl/SSL_CTX_dane_enable.pod +++ b/doc/ssl/SSL_CTX_dane_enable.pod 
@@ -71,11 +71,17 @@ The arguments specify the fields of the TLSA record. The B field is provided in binary (wire RDATA) form, not the hexadecimal ASCII presentation form, with an explicit length passed via B. A return value of 0 indicates that "unusable" TLSA records (with invalid or -unsupported parameters) were provided, a negative return value indicates an -internal error in processing the records. -If DANE authentication is enabled, but no TLSA records are added successfully, -authentication will fail, and the handshake may not complete, depending on the -B argument of L<SSL_set_verify(3)> and any verification callback. +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record. + +The caller is expected to check the return value of each SSL_dane_tlsa_add() +call and take appropriate action if none are usable or an internal error +is encountered in processing some records. + +If no TLSA records are added successfully, DANE authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated. SSL_get0_dane_authority() can be used to get more detailed information about the matched DANE trust-anchor after successful connection completion. @@ -149,6 +155,7 @@ the lifetime of the SSL connection. SSL_CTX *ctx; SSL *ssl; + int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; int num_usable = 0; const char *nexthop_domain = "example.com"; const char *dane_tlsa_domain = "smtp.example.com"; 
@@ -175,11 +182,19 @@ the lifetime of the SSL connection. /* set usage, selector, mtype, data, len */ -/* Opportunistic DANE TLS clients treat usages 0, 1 as unusable. */ +/* + * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3). + * They treat all other certificate usages, and in particular PKIX-TA(0) + * and PKIX-EE(1), as unusable. + */ switch (usage) { +default: case 0: /* PKIX-TA(0) */ case 1: /* PKIX-EE(1) */ continue; +case 2: /* DANE-TA(2) */ +case 3: /* DANE-EE(3) */ +break; } ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); @@ -194,16 +209,29 @@ the lifetime of the SSL connection. } /* + * At this point, the verification mode is still the default SSL_VERIFY_NONE. * Opportunistic DANE clients use unauthenticated TLS when all TLSA records * are unusable, so continue the handshake even if authentication fails. */ if (num_usable == 0) { -int (*cb)(int ok, X509_STORE_CTX *sctx) = NULL; - /* Log all records unusable? */ -/* Set cb to a non-NULL callback of your choice? */ -SSL_set_verify(ssl, SSL_VERIFY_NONE, cb); +/* Optionally set verify_cb to a suitable non-NULL callback. */ +SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); + } else { +
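Review bot: the example's comment `At this point, the verification mode is still the default SSL_VERIFY_NONE` holds only if nothing set SSL_VERIFY_PEER on the SSL_CTX first (the SSL object inherits the context's verify mode); the text should state that assumption, or describe the `num_usable == 0` branch as explicitly resetting the mode rather than leaving it unchanged. The new sentence `A negative return value indicates an internal error in processing the record.` reads as if a single record is at issue while the surrounding text speaks of records (plural); align the two. The `default:` label placed ahead of `case 0:`/`case 1:` does make every non-DANE usage fall through to `continue;`, which matches the new comment, so that part is fine.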
[openssl-commits] [openssl] master update
The branch master has been updated via bdcd660e33710079b495cf5cc6a1aaa5d2dcd317 (commit) from 5968d11a7a28103610c054c6a57c852bbe0f3b51 (commit) - Log - commit bdcd660e33710079b495cf5cc6a1aaa5d2dcd317 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Apr 13 23:14:43 2016 -0400 Bugfix: in asn1parse avoid erroneous len after a sub-sequence Introduced in: commit 79c7f74d6cefd5d32fa20e69195ad3de834ce065 Author: Ben Laurie <b...@links.org> Date: Tue Mar 29 19:37:57 2016 +0100 Fix buffer overrun in ASN1_parse(). Problem input: https://tools.ietf.org/html/draft-ietf-curdle-pkix-eddsa-00#section-8.1 -BEGIN PUBLIC KEY- MC0wCAYDK2VkCgECAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= -END PUBLIC KEY- Previously: 0:d=0 hl=2 l= 45 cons: SEQUENCE 2:d=1 hl=2 l= 8 cons: SEQUENCE 4:d=2 hl=2 l= 3 prim: OBJECT:1.3.101.100 9:d=2 hl=2 l= 1 prim: ENUMERATED:02 Error in encoding 140735164989440:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:148: Now: 0:d=0 hl=2 l= 45 cons: SEQUENCE 2:d=1 hl=2 l= 8 cons: SEQUENCE 4:d=2 hl=2 l= 3 prim: OBJECT:1.3.101.100 9:d=2 hl=2 l= 1 prim: ENUMERATED:02 12:d=1 hl=2 l= 33 prim: BIT STRING - 00 19 bf 44 09 69 84 cd-fe 85 41 ba c1 67 dc 3b ...D.iA..g.; 0010 - 96 c8 50 86 aa 30 b6 b6-cb 0c 5c 38 ad 70 31 66 ..P..0\8.p1f 0020 - e1. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/asn1/asn1_par.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index b721273..e412820 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c 
@@ -189,18 +189,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, } } } else { +long tmp = len; + while (p < ep) { sp = p; -r = asn1_parse2(bp, , len, +r = asn1_parse2(bp, , tmp, offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } -len -= p - sp; +tmp -= p - sp; } -len = length; } } else if (xclass != 0) { p += len; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
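Review bot: introducing the local `tmp` instead of decrementing `len` in the `while (p < ep)` loop, and deleting the `len = length;` reset, is the right fix: `length` is the size of the enclosing element, not of this one, so the old reset handed a too-large length to whatever used `len` afterwards (the commit message shows the resulting `header too long` error). Add a one-line comment at `long tmp = len;` saying that `len` must survive the loop unchanged, so the next person does not reintroduce the decrement.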
[openssl-commits] [openssl] master update
The branch master has been updated via 5968d11a7a28103610c054c6a57c852bbe0f3b51 (commit) from a50ad1daaa68c109ea1a14225a7aba8660526101 (commit) - Log - commit 5968d11a7a28103610c054c6a57c852bbe0f3b51 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Apr 13 23:41:55 2016 -0400 Don't use deprecated CONF_modules_free() in tests Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: test/ssl_test.c | 1 - 1 file changed, 1 deletion(-) diff --git a/test/ssl_test.c b/test/ssl_test.c index b95120e..dfe71cb 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -210,6 +210,5 @@ int main(int argc, char **argv) ADD_ALL_TESTS(test_handshake, (int)(num_tests)); result = run_tests(argv[0]); -CONF_modules_free(); return result; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via a4ccf06808422400a6a0673b452d388e95a455fd (commit) via 43341433a88a6a2cd38c35359f48653e809b10cd (commit) via c636c1c470fd2b4b0cb546e6ee85971375e42ec1 (commit) from 6afef8b1fb679df7d6a8606d713192c9907b1890 (commit) - Log - commit a4ccf06808422400a6a0673b452d388e95a455fd Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Apr 7 14:19:16 2016 -0400 make update Signed-off-by: Rob Percival <robperci...@google.com> Reviewed-by: Emilia Käsper <emi...@openssl.org> commit 43341433a88a6a2cd38c35359f48653e809b10cd Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Apr 7 14:17:37 2016 -0400 Suppress CT callback as appropriate Suppress CT callbacks with aNULL or PSK ciphersuites that involve no certificates. Ditto when the certificate chain is validated via DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing when the chain fails verification. Move and consolidate CT callbacks from libcrypto to libssl. We also simplify the interface to SSL_{,CTX_}_enable_ct() which can specify either a permissive mode that just collects information or a strict mode that requires at least one valid SCT or else asks to abort the connection. Simplified SCT processing and options in s_client(1) which now has just a simple pair of "-noct" vs. "-ct" options; the latter enables the permissive callback so that we can complete the handshake and report all relevant information. When printing SCTs, print the validation status if set and not valid.
Signed-off-by: Rob Percival <robperci...@google.com> Reviewed-by: Emilia Käsper <emi...@openssl.org> commit c636c1c470fd2b4b0cb546e6ee85971375e42ec1 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sat Apr 2 16:47:48 2016 -0400 Fix client verify mode to check SSL_VERIFY_PEER The original check for != SSL_VERIFY_NONE can give surprising results when flags SSL_VERIFY_PEER is not set, but other flags are. Note that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absense of all other flag bits. Signed-off-by: Rob Percival <robperci...@google.com> Reviewed-by: Emilia Käsper <emi...@openssl.org> --- Summary of changes: apps/s_client.c| 67 +++- crypto/ct/ct_err.c | 3 - crypto/ct/ct_oct.c | 12 ++- crypto/ct/ct_prn.c | 23 - crypto/ct/ct_sct.c | 33 +- crypto/ct/ct_vfy.c | 59 --- doc/apps/s_client.pod | 14 ++- doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 113 ++-- doc/ssl/SSL_CTX_set_ctlog_list_file.pod| 2 +- doc/ssl/SSL_CTX_set_verify.pod | 15 +-- include/openssl/ct.h | 22 +--- include/openssl/ssl.h | 60 --- ssl/ssl_err.c | 14 +-- ssl/ssl_lib.c | 138 +++-- ssl/ssl_locl.h | 4 +- ssl/statem/statem_clnt.c | 5 +- ssl/t1_ext.c | 15 +-- test/ct_test.c | 22 ++-- test/recipes/80-test_ssl_old.t | 27 ++--- test/ssltest_old.c | 14 ++- util/libcrypto.num | 3 +- util/libssl.num| 6 +- 22 files changed, 402 insertions(+), 269 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index b180dbc..b2f10c8 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -666,7 +666,7 @@ typedef enum OPTION_choice { OPT_S_ENUM, OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_DANE_TLSA_DOMAIN, #ifndef OPENSSL_NO_CT -OPT_NOCT, OPT_REQUESTCT, OPT_REQUIRECT, OPT_CTLOG_FILE, +OPT_CT, OPT_NOCT, OPT_CTLOG_FILE, #endif OPT_DANE_TLSA_RRDATA } OPTION_CHOICE; 
@@ -831,9 +831,8 @@ OPTIONS s_client_options[] = { "Specify engine to be used for client certificate operations"}, #endif #ifndef OPENSSL_NO_CT +{"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"}, {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"}, -{"requestct", OPT_REQUESTCT, '-', "Request SCTs (enables OCSP stapling)"}, -{"requirect", OPT_REQUIRECT, '-', "Require at least 1 SCT (enables OCSP stapling)"}, {"ctlogfile", OPT_CTLOG_FIL
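Review bot: the `-ct` help string `Request and parse SCTs (also enables OCSP stapling)` does not say that, per the commit message, this option installs the permissive callback that reports SCT status without aborting the handshake; since the previous `-requirect` strict option is removed from both `OPTION_choice` and the option table, the help text (and doc/apps/s_client.pod from the summary) should spell out that `-ct` never fails the connection on missing or invalid SCTs, so users who relied on `-requirect` do not assume `-ct` enforces anything.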
[openssl-commits] [openssl] master update
The branch master has been updated via ae6c553ecaa915d2689e66d68ac0965beba31e53 (commit) from adb4076ae06dd6ff01a62b1fcd73f02aadc5ecae (commit) - Log - commit ae6c553ecaa915d2689e66d68ac0965beba31e53 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Apr 3 20:58:09 2016 -0400 Fix mixed declarations and code Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: apps/dsaparam.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 64e92ae..5c282be 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -264,13 +264,14 @@ int dsaparam_main(int argc, char **argv) if (C) { BIGNUM *p = NULL, *q = NULL, *g = NULL; +unsigned char *data; int len, bits_p; DSA_get0_pqg(dsa, , , ); len = BN_num_bytes(p); bits_p = BN_num_bits(p); -unsigned char *data = app_malloc(len + 20, "BN space"); +data = app_malloc(len + 20, "BN space"); BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); print_bignum_var(bio_out, p, "dsap", len, data); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 51f6d88420f9289e8b3b395a709e1a0aedc8e163 (commit) from c3a7e0c565c5d41e7d9b910a45c2248c2f3d5152 (commit) - Log - commit 51f6d88420f9289e8b3b395a709e1a0aedc8e163 Author: Andy PolyakovDate: Fri Apr 1 18:17:01 2016 +0200 apps/Makefile.in: add tsget rule. Reviewed-by: Richard Levitte --- Summary of changes: apps/Makefile.in | 4 1 file changed, 4 insertions(+) diff --git a/apps/Makefile.in b/apps/Makefile.in index 064496b..d2ec0c7 100644 --- a/apps/Makefile.in +++ b/apps/Makefile.in @@ -151,5 +151,9 @@ CA.pl: CA.pl.in $(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile CA.pl.in > CA.pl.new mv CA.pl.new CA.pl +tsget: tsget.in + $(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile tsget.in > tsget.new + mv tsget.new tsget + # DO NOT DELETE THIS LINE -- make depend depends on it. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
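Review bot: the new `tsget: tsget.in` rule mirrors the `CA.pl` rule above it, including the write-to-`.new`-then-`mv` pattern, but like that rule it never marks the generated script executable; if `tsget` is meant to be run directly from the build tree, add a `chmod` step or confirm the install rules set the mode. The hunk also does not add `tsget` to any default target, so it is only built when requested explicitly.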
[openssl-commits] [openssl] master update
The branch master has been updated via c3a7e0c565c5d41e7d9b910a45c2248c2f3d5152 (commit) from bb3bdf0507ac5c9713a7e99d8652085b2f150b06 (commit) - Log - commit c3a7e0c565c5d41e7d9b910a45c2248c2f3d5152 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Apr 3 15:21:34 2016 -0400 After saving errno clear it before calls to strtol et. al. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: apps/opt.c | 4 1 file changed, 4 insertions(+) diff --git a/apps/opt.c b/apps/opt.c index 462894a..63d3215 100644 --- a/apps/opt.c +++ b/apps/opt.c @@ -373,6 +373,7 @@ int opt_long(const char *value, long *result) long l; char *endp; +errno = 0; l = strtol(value, , 0); if (*endp || endp == value @@ -398,6 +399,7 @@ int opt_imax(const char *value, intmax_t *result) intmax_t m; char *endp; +errno = 0; m = strtoimax(value, , 0); if (*endp || endp == value @@ -420,6 +422,7 @@ int opt_umax(const char *value, uintmax_t *result) uintmax_t m; char *endp; +errno = 0; m = strtoumax(value, , 0); if (*endp || endp == value @@ -445,6 +448,7 @@ int opt_ulong(const char *value, unsigned long *result) char *endptr; unsigned long l; +errno = 0; l = strtoul(value, , 0); if (*endptr || endptr == value _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
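Review bot: the four `errno = 0;` lines are the correct precondition for the `ERANGE` checks that strtol(), strtoimax(), strtoumax() and strtoul() rely on, since these functions leave `errno` untouched on success; the commit title says the previous value is saved first, but that save and its restore are not in this hunk, so make sure each `errno = 0;` sits after the save rather than before it, or a caller's pending `errno` is lost. Since the same three lines repeat in four functions, a small helper or macro would keep them from drifting.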
[openssl-commits] [openssl] master update
The branch master has been updated via bb3bdf0507ac5c9713a7e99d8652085b2f150b06 (commit) via fbb82a60dcbe820714a246ab3e7617eaf3a7b656 (commit) via 70dd3c6593d87e4cbb56b485717cb2cfff730f3e (commit) from 0f1ef63bf1708fbbb1ab248d455f619ce2d5b1ac (commit) - Log - commit bb3bdf0507ac5c9713a7e99d8652085b2f150b06 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Mar 20 04:12:52 2016 -0400 make update Reviewed-by: Dr. Stephen Henson <st...@openssl.org> commit fbb82a60dcbe820714a246ab3e7617eaf3a7b656 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Mar 18 22:09:41 2016 -0400 Move peer chain security checks into x509_vfy.c A new X509_VERIFY_PARAM_set_auth_level() function sets the authentication security level. For verification of SSL peers, this is automatically set from the SSL security level. Otherwise, for now, the authentication security level remains at (effectively) 0 by default. The new "-auth_level" verify(1) option is available in all the command-line tools that support the standard verify(1) options. New verify(1) tests added to check enforcement of chain signature and public key security levels. Also added new tests of enforcement of the verify_depth limit. Updated documentation. Reviewed-by: Dr. Stephen Henson <st...@openssl.org> commit 70dd3c6593d87e4cbb56b485717cb2cfff730f3e Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sat Feb 27 14:17:28 2016 -0500 Tidy up x509_vfy callback handling Reviewed-by: Dr. 
Stephen Henson <st...@openssl.org> --- Summary of changes: apps/apps.h | 8 +- apps/opt.c| 5 + crypto/x509/x509_lcl.h| 4 +- crypto/x509/x509_lu.c | 4 +- crypto/x509/x509_txt.c| 6 + crypto/x509/x509_vfy.c| 661 -- crypto/x509/x509_vpm.c| 17 + doc/apps/cms.pod | 5 +- doc/apps/ocsp.pod | 7 +- doc/apps/s_client.pod | 5 +- doc/apps/s_server.pod | 5 +- doc/apps/smime.pod| 5 +- doc/apps/ts.pod | 21 +- doc/apps/verify.pod | 24 +- doc/crypto/X509_VERIFY_PARAM_set_flags.pod| 42 +- include/openssl/x509_vfy.h| 7 +- ssl/ssl_cert.c| 25 +- test/certs/ca-cert-768.pem| 15 + test/certs/ca-cert-768i.pem | 15 + test/certs/{ca+anyEKU.pem => ca-cert-md5-any.pem} | 16 +- test/certs/{ca-cert.pem => ca-cert-md5.pem} | 16 +- test/certs/ca-key-768.pem | 13 + test/certs/ee-cert-768.pem| 16 + test/certs/{ee-cert2.pem => ee-cert-768i.pem} | 15 +- test/certs/{ee-cert.pem => ee-cert-md5.pem} | 16 +- test/certs/ee-key-768.pem | 13 + test/certs/mkcert.sh | 10 +- test/certs/root-cert-768.pem | 11 + test/certs/{root-cert.pem => root-cert-md5.pem} | 16 +- test/certs/root-key-768.pem | 13 + test/certs/setup.sh | 30 + test/recipes/25-test_verify.t | 48 +- util/libcrypto.num| 2 + 33 files changed, 714 insertions(+), 402 deletions(-) create mode 100644 test/certs/ca-cert-768.pem create mode 100644 test/certs/ca-cert-768i.pem copy test/certs/{ca+anyEKU.pem => ca-cert-md5-any.pem} (54%) copy test/certs/{ca-cert.pem => ca-cert-md5.pem} (54%) create mode 100644 test/certs/ca-key-768.pem create mode 100644 test/certs/ee-cert-768.pem copy test/certs/{ee-cert2.pem => ee-cert-768i.pem} (50%) copy test/certs/{ee-cert.pem => ee-cert-md5.pem} (56%) create mode 100644 test/certs/ee-key-768.pem create mode 100644 test/certs/root-cert-768.pem copy test/certs/{root-cert.pem => root-cert-md5.pem} (53%) create mode 100644 test/certs/root-key-768.pem diff --git a/apps/apps.h b/apps/apps.h index 434ca54..a310dd2 100644 --- a/apps/apps.h +++ b/apps/apps.h 
@@ -180,6 +180,7 @@ void wait_for_async(SSL *s); OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ +OPT_V_VERIFY_AUTH_LEVEL, \ OPT_V__LAST
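Review bot: `OPT_V_VERIFY_AUTH_LEVEL` is appended to the `OPT_V_ENUM` list just before `OPT_V__LAST`, which is the right slot, but the enum name says `VERIFY_AUTH_LEVEL` while the commit message names the option `-auth_level`; keep the two consistent (for example `OPT_V_AUTH_LEVEL`) so the option table and help text can be found by name. The commit message also states that outside SSL the authentication level stays at 0 by default, which belongs in the verify(1) and X509_VERIFY_PARAM_set_flags documentation listed in the summary.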
[openssl-commits] [openssl] master update
The branch master has been updated via 4d9e33acb23472566ba0ae15d63c5562a0abf7a2 (commit) from 222e620baf5a55b251e716df955ce0db53c48b3b (commit) - Log - commit 4d9e33acb23472566ba0ae15d63c5562a0abf7a2 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Mar 29 19:40:03 2016 -0400 Require intermediate CAs to have basicConstraints CA:true. Previously, it was sufficient to have certSign in keyUsage when the basicConstraints extension was missing. That is still accepted in a trust anchor, but is no longer accepted in an intermediate CA. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/x509/x509_vfy.c| 3 ++- test/certs/ca-nonbc.pem | 18 ++ test/certs/mkcert.sh | 21 + test/certs/setup.sh | 1 + test/recipes/25-test_verify.t | 8 ++-- 5 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 test/certs/ca-nonbc.pem diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index afd8299..ffa211b 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -484,8 +484,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ret = 1; break; default: +/* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */ if ((ret == 0) -|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT) +|| ((i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT) && (ret != 1))) { ret = 0; ctx->error = X509_V_ERR_INVALID_CA; diff --git a/test/certs/ca-nonbc.pem b/test/certs/ca-nonbc.pem new file mode 100644 index 000..013775b --- /dev/null +++ b/test/certs/ca-nonbc.pem 
@@ -0,0 +1,18 @@ +-BEGIN CERTIFICATE- +MIIC6zCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMzMDAwMDE1N1oYDzIxMTYwMzMxMDAwMTU3WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNPME0wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAsGA1UdDwQEAwIBBjANBgkq +hkiG9w0BAQsFAAOCAQEAPo7bKKFLbwT3x7dw+OPZMDxwyG1pk5x+5SD7iv45mOzS +5lZ2ByaOH+jnjTfG6beNmTCbfq6RcHqTvD6LXYex5z9KliIL9Fpwh507uGDXmKDN +lM0zmbYhXiWGRwP5NkbB/EppbiSk42l5/ky4gmCH/a9kQfiBW+Gwe3aBwRX6v+5p +BLwH12YrM46DdEL4RHd2H/9rjSaX4X3aaZd9kZsf/yaOU65iQX15cNDfxkKncYQK +K+xjT2S/NLcwslkPzQLCWeWZVBV4Vd+TEjjZA1tFpu5e1oNlJYvGbqjIuUurpoxv +IhsVUfWJEf7KjpFy+kgPyijNYRUBFrMspdb6x771RQ== +-END CERTIFICATE- diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 7b892d2..99e7d2a 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -114,6 +114,27 @@ genca() { -set_serial 2 -days "${DAYS}" } +gen_nonbc_ca() { +local cn=$1; shift +local key=$1; shift +local cert=$1; shift +local cakey=$1; shift +local cacert=$1; shift +local skid="subjectKeyIdentifier = hash" +local akid="authorityKeyIdentifier = keyid" + +exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid") +exts=$(printf "%s\nkeyUsage = %s\n" "$exts" "keyCertSign, cRLSign") +for eku in "$@" +do +exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku") +done +csr=$(req "$key" "$cn") || return 1 +echo "$csr" | +cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days "${DAYS}" +} + genee() { local OPTIND=1 local purpose=serverAuth 
diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 8cf27ee..9606c77 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -74,6 +74,7 @@ openssl x509 -in sroot-cert.pem -trustout \ # ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert ./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert +./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2 diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index c1d222b..d4131cc 100644 --- a/test/recipe
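Review bot: in check_chain_extensions() the new condition `(i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT)` relies on `&` binding tighter than `||`, which gives the intended `(i + 1 < num) || (flags & STRICT)`, but parenthesising the `&` sub-expression avoids a compiler warning and makes the reading obvious. The comment `X509_V_FLAG_X509_STRICT is implicit for intermediate CAs` should say that `i + 1 < num` identifies every chain element except the last (the trust anchor), since that is the only reason the top-most certificate is still allowed to omit basicConstraints.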
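Review bot: `gen_nonbc_ca()` in mkcert.sh declares `cn`, `key`, `cert`, `cakey`, `cacert`, `skid` and `akid` with `local` but assigns `exts` and `csr` without it, so both leak into the caller's shell scope; add `local exts csr`. The function duplicates most of `genca()` apart from omitting the basicConstraints line, so a shared helper taking the extension list would keep the two from drifting.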
[openssl-commits] [openssl] master update
The branch master has been updated via 89ff989d01314a6104e5063edfce316c8325f339 (commit) from 3c27208fab1dc29f47f088490404df5abfcdfb05 (commit) - Log - commit 89ff989d01314a6104e5063edfce316c8325f339 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Mar 20 20:40:13 2016 -0400 Add a comment on dane_verify() logic Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/x509/x509_vfy.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index e2b1b96..afd8299 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2591,7 +2591,7 @@ static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) return X509_TRUST_UNTRUSTED; /* - * Record any DANE trust anchor matches, for the first depth to test, if + * Record any DANE trust-anchor matches, for the first depth to test, if * there's one at that depth. (This'll be false for length 1 chains looking * for an exact match for the leaf certificate). */ @@ -2676,6 +2676,18 @@ static int dane_verify(X509_STORE_CTX *ctx) dane_reset(dane); +/*- + * When testing the leaf certificate, if we match a DANE-EE(3) record, + * dane_match() returns 1 and we're done. If however we match a PKIX-EE(1) + * record, the match depth and matching TLSA record are recorded, but the + * return value is 0, because we still need to find a PKIX trust-anchor. + * Therefore, when DANE authentication is enabled (required), we're done + * if: + * + matched < 0, internal error. + * + matched == 1, we matched a DANE-EE(3) record + * + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no + * DANE-TA(2) or PKIX-TA(0) to test. + */ matched = dane_match(ctx, ctx->cert, 0); done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
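Review bot: the new block comment in dane_verify() refers to `mdepth` while the field tested on the next line is `dane->mdpth`; use the real name so the comment can be found by grep. Otherwise the three listed cases match `done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0);` exactly, so the comment is accurate.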
[openssl-commits] [openssl] master update
The branch master has been updated via 37bbfd48377d7e952e2f293e406fd7fe48fa735c (commit) via ffc8d605e81c12d4ce06bce758df84f7945c0f02 (commit) via 1e7e1c8d5c06207c4f99eab1f3cff7a033358ae1 (commit) from 5a339364f75342978cc3943f788037cb47ee529e (commit) - Log - commit 37bbfd48377d7e952e2f293e406fd7fe48fa735c Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Mar 18 22:10:40 2016 -0400 Revert "Ignore the generated apps/progs.h" This reverts commit 91056e72693b4ee8cb5339d9091871ffc3b6f776. Reviewed-by: Rich Salz <rs...@openssl.org> commit ffc8d605e81c12d4ce06bce758df84f7945c0f02 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Mar 18 22:10:39 2016 -0400 Revert "Generate apps/progs.h on the fly" This reverts commit 04e2a527379ad12ca512aef4e838f94af22d7f79. Reviewed-by: Rich Salz <rs...@openssl.org> commit 1e7e1c8d5c06207c4f99eab1f3cff7a033358ae1 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Mar 18 22:10:33 2016 -0400 Revert "Include progs.h directly in openssl.c instead of via apps.h" This reverts commit a45d7d5388c6774a484cff4af13f188240d3d50b. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: .gitignore| 1 - Configurations/unix-Makefile.tmpl | 13 +- apps/apps.h | 2 + apps/build.info | 25 +-- apps/openssl.c| 2 +- apps/progs.h | 428 ++ 6 files changed, 450 insertions(+), 21 deletions(-) create mode 100644 apps/progs.h diff --git a/.gitignore b/.gitignore index 05127dd..ab9c380 100644 --- a/.gitignore +++ b/.gitignore @@ -41,7 +41,6 @@ Makefile # Auto generated headers -/apps/progs.h /crypto/buildinf.h /crypto/include/internal/*_conf.h /openssl/include/opensslconf.h diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 1923acc..8bcb224 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -617,7 +617,7 @@ generate: generate_apps generate_crypto_bn generate_crypto_objects lint: lint -DLINT $(INCLUDES) $(SRCS) -generate_apps: $(SRCDIR)/apps/openssl-vms.cnf +generate_apps: $(SRCDIR)/apps/openssl-vms.cnf $(SRCDIR)/apps/progs.h generate_crypto_bn: $(SRCDIR)/crypto/bn/bn_prime.h @@ -695,6 +695,17 @@ $(SRCDIR)/apps/openssl-vms.cnf: $(SRCDIR)/apps/openssl.cnf $(PERL) $(SRCDIR)/VMS/VMSify-conf.pl \ < $(SRCDIR)/apps/openssl.cnf > $(SRCDIR)/apps/openssl-vms.cnf +{- # because the program apps/openssl has object files as sources, and + # they then have the corresponding C files as source, we need to chain + # the lookups in %unified_info + my $apps_openssl = catfile("apps","openssl"); + our @openssl_source = map { @{$unified_info{sources}->{$_}} } + @{$unified_info{sources}->{$apps_openssl}}; + ""; -} +$(SRCDIR)/apps/progs.h: + $(RM) $@ + $(PERL) $(SRCDIR)/apps/progs.pl {- join(" ", @openssl_source) -} > $@ + $(SRCDIR)/crypto/bn/bn_prime.h: $(SRCDIR)/crypto/bn/bn_prime.pl $(PERL) $(SRCDIR)/crypto/bn/bn_prime.pl > $(SRCDIR)/crypto/bn/bn_prime.h diff --git a/apps/apps.h b/apps/apps.h index 633b344..e7ea461 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -631,4 +631,6 @@ extern int verify_quiet; extern int verify_error; extern int verify_return_error; +# include "progs.h" + #endif diff --git a/apps/build.info b/apps/build.info index 12a1a7e..d581aad 100644 --- a/apps/build.info +++ b/apps/build.info 
@@ -1,27 +1,16 @@ -{- use File::Spec::Functions qw/catdir catfile rel2abs/; - our @cmd_srcs = ( -"asn1pars.c", "ca.c", "ciphers.c", "cms.c", "crl.c", "crl2p7.c", -"dgst.c", "dhparam.c", "dsa.c", "dsaparam.c", "ec.c", "ecparam.c", -"enc.c", "engine.c", "errstr.c", "gendsa.c", "genpkey.c", "genrsa.c", -"nseq.c", "ocsp.c", "passwd.c", "pkcs12.c", "pkcs7.c", "pkcs8.c", -"pkey.c", "pkeyparam.c", "pkeyutl.c", "prime.c", "rand.c", "req.c", -"rsa.c", "rsautl.c", "s_client.c", "s_server.c", "s_time.c", -"sess_id.c", "smime.c", "speed.c", "spkac.c", "srp.c", "ts.c", -"verify.c", "version.c"
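Review bot: the restored `$(SRCDIR)/apps/progs.h:` rule in unix-Makefile.tmpl has no prerequisites, so `make` will never regenerate the header when an app source is added or removed; only an explicit `generate_apps` run does. The recipe also does `$(RM) $@` and then redirects `progs.pl` output straight into `$@`, so a failing `progs.pl` leaves an empty `progs.h` in the source tree that the next build will happily include; write to a temporary file and `mv` it into place on success, as the neighbouring `openssl-vms.cnf` rule does.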
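Review bot: with `/apps/progs.h` dropped from `.gitignore` and `apps/progs.h` added as a new file, the generated header is now checked in; the revert's commit message should say so explicitly, and the apps/build.info hunk that deletes the `@cmd_srcs` list should be cross-checked against the new `@openssl_source` lookup in the Makefile template so that no app source is silently left out of the generated table.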
[openssl-commits] [openssl] master update
The branch master has been updated via b5f40eb279e37c86d0634db5ffcc37517ea97694 (commit) from 748f254657ab900c0de5e9e1843150c2df4c4bea (commit) - Log - commit b5f40eb279e37c86d0634db5ffcc37517ea97694 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Mar 16 23:58:58 2016 -0400 Bugfix: Encode the requested length in s_cb.c:hexencode() Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/s_cb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 047f2ce..66b2a50 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1106,7 +1106,7 @@ static char *hexencode(const unsigned char *data, size_t len) } cp = out = app_malloc(ilen, "TLSA hex data buffer"); -while (ilen-- > 0) { +while (len-- > 0) { *cp++ = hex[(*data >> 4) & 0x0f]; *cp++ = hex[*data++ & 0x0f]; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
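Review bot: the one-line fix is right: `ilen` is the size of the output buffer passed to `app_malloc()`, so `while (ilen-- > 0)` walked `ilen` bytes of `data` and read past the `len` bytes the caller supplied; `while (len-- > 0)` consumes exactly the input. A comment at the `app_malloc(ilen, "TLSA hex data buffer")` line saying that `ilen` is the output size, distinct from the input length `len`, would stop the two being confused again.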
[openssl-commits] [openssl] master update
The branch master has been updated via dd60efea955e41a6f0926f93ec1503c6f83c4e58 (commit) from 29f082603a14bd8d6816a71a17f7c76adca7817d (commit) - Log - commit dd60efea955e41a6f0926f93ec1503c6f83c4e58 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Mar 8 15:20:02 2016 -0500 Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: crypto/x509v3/v3_utl.c | 6 ++ doc/crypto/X509_check_host.pod | 8 include/openssl/x509v3.h | 2 ++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 66b5711..a220b27 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -978,14 +978,12 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, GENERAL_NAMES_free(gens); if (rv != 0) return rv; -if (cnid == NID_undef -|| (san_present -&& !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) +if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)) return 0; } /* We're done if CN-ID is not pertinent */ -if (cnid == NID_undef) +if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)) return 0; i = -1; diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index 23447f4..d35ade8 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -70,6 +70,8 @@ flags: =item B, +=item B, + =item B, =item B, @@ -86,6 +88,12 @@ one subject alternative name of the right type (DNS name or email address as appropriate); the default is to ignore the subject DN when at least one corresponding subject alternative names is present. +The B flag causes the function to never +consider the subject DN even if the certificate contains no subject alternative +names of the right type (DNS name or email address as appropriate); the default +is to use the subject DN when no corresponding subject alternative names are +present. + If set, B disables wildcard expansion; this only applies to B. 
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index fa21208..b0f1545 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -737,6 +737,8 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 /* Constraint verifier subdomain patterns to match a single labels. */ # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Never check the subject CN */ +# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT0x20 /* * Match reference identifiers starting with "." to any sub-domain. * This is a non-public flag, turned on implicitly when the subject _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
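Review bot: in the v3_utl.c hunk the new flag is only consulted after the SAN loop, so when a caller sets both X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT and X509_CHECK_FLAG_NEVER_CHECK_SUBJECT the NEVER flag wins (the test `cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)` returns 0 whatever the SAN pass produced). That precedence is sensible but should be stated in X509_check_host.pod, whose new paragraph describes the flag in isolation. Dropping `cnid == NID_undef` from the first condition is behaviour-preserving, since the check immediately below still returns 0 for that case.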
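Review bot: the x509v3.h hunk comments the new 0x20 flag as "Never check the subject CN" while the pod text added in the same commit says "subject DN"; the code only ever looks at the CN-ID, so the header comment is the accurate one and the documentation should use the same term. The definition also lands directly above the comment for a non-public flag that is switched on implicitly for reference identifiers starting with "."; it is worth a line confirming the public and internal bit ranges are disjoint so a caller passing 0x20 cannot unintentionally enable that sub-domain matching.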
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via 5bac9d44e712bc4acfbdd156244fca4486285ec9 (commit) from a15971944091fa01d959566b17ce86225346c83c (commit) - Log - commit 5bac9d44e712bc4acfbdd156244fca4486285ec9 Author: Viktor Dukhovni <vik...@twosigma.com> Date: Mon Mar 7 21:10:38 2016 + Retain SSLv2 methods as functions that return NULL This improves ABI compatibility when symbol resolution is not lazy. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: ssl/s2_meth.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index b312f17..d46e2f5 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c @@ -74,8 +74,8 @@ IMPLEMENT_ssl2_meth_func(SSLv2_method, ssl2_accept, ssl2_connect, ssl2_get_method) #else /* !OPENSSL_NO_SSL2 */ -# if PEDANTIC -static void *dummy = -# endif +SSL_METHOD *SSLv2_method(void) { return NULL; } +SSL_METHOD *SSLv2_client_method(void) { return NULL; } +SSL_METHOD *SSLv2_server_method(void) { return NULL; } #endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
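Review bot: the three replacement functions are defined as returning `SSL_METHOD *`, whereas the method accessors in this tree are declared `const SSL_METHOD *` in ssl.h; check that the definitions match the prototypes, because a conflicting declaration is a hard error, and if ssl.h compiles the SSLv2 prototypes out under OPENSSL_NO_SSL2 these definitions have no prior declaration at all and -Wmissing-prototypes builds will complain. The removed `# if PEDANTIC` dummy object existed only to keep the translation unit non-empty, so nothing else depends on it.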
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 133138569f37d149ed1d7641fe8c75a93fded445 (commit) from 29cce508972f61511318bf8cf7011fae027cddb2 (commit) - Log - commit 133138569f37d149ed1d7641fe8c75a93fded445 Author: Viktor Dukhovni <vik...@twosigma.com> Date: Mon Mar 7 21:10:38 2016 + Retain SSLv2 methods as functions that return NULL This improves ABI compatibility when symbol resolution is not lazy. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: ssl/s2_meth.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index b312f17..d46e2f5 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c @@ -74,8 +74,8 @@ IMPLEMENT_ssl2_meth_func(SSLv2_method, ssl2_accept, ssl2_connect, ssl2_get_method) #else /* !OPENSSL_NO_SSL2 */ -# if PEDANTIC -static void *dummy = -# endif +SSL_METHOD *SSLv2_method(void) { return NULL; } +SSL_METHOD *SSLv2_client_method(void) { return NULL; } +SSL_METHOD *SSLv2_server_method(void) { return NULL; } #endif _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
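Review bot: same remark as for the 1.0.1 backport of this change: the stub definitions return `SSL_METHOD *` while the other method functions in ssl.h are `const SSL_METHOD *`, so verify the prototypes agree (and exist when OPENSSL_NO_SSL2 is defined) before relying on this for ABI compatibility with non-lazy symbol resolution; a mismatch would defeat the purpose of the commit.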
[openssl-commits] [openssl] master update
The branch master has been updated via ebc4815fa56b64d711ada36899a35182a99cbbdb (commit) from e1d9f1ab39eeab0c3c2b9415e08c05858f77 (commit) - Log - commit ebc4815fa56b64d711ada36899a35182a99cbbdb Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Mar 6 20:01:20 2016 -0500 Don't free NCONF obtained values Bug reported by Michel Sales. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/req.c | 24 +++- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/apps/req.c b/apps/req.c index 693acc2..b128fa8 100644 --- a/apps/req.c +++ b/apps/req.c @@ -198,7 +198,9 @@ int req_main(int argc, char **argv) char *extensions = NULL, *infile = NULL; char *outfile = NULL, *keyfile = NULL, *inrand = NULL; char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; -char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL; +char *passin = NULL, *passout = NULL; +char *nofree_passin = NULL, *nofree_passout = NULL; +char *req_exts = NULL, *subj = NULL; char *template = default_config_file, *keyout = NULL; const char *keyalg = NULL; OPTION_CHOICE o; @@ -436,15 +438,17 @@ int req_main(int argc, char **argv) } } -if (!passin) { -passin = NCONF_get_string(req_conf, SECTION, "input_password"); -if (!passin) +if (passin == NULL) { +passin = nofree_passin = +NCONF_get_string(req_conf, SECTION, "input_password"); +if (passin == NULL) ERR_clear_error(); } -if (!passout) { -passout = NCONF_get_string(req_conf, SECTION, "output_password"); -if (!passout) +if (passout == NULL) { +passout = nofree_passout = +NCONF_get_string(req_conf, SECTION, "output_password"); +if (passout == NULL) ERR_clear_error(); } 
@@ -862,8 +866,10 @@ int req_main(int argc, char **argv) X509_REQ_free(req); X509_free(x509ss); ASN1_INTEGER_free(serial); -OPENSSL_free(passin); -OPENSSL_free(passout); +if (passin != nofree_passin) +OPENSSL_free(passin); +if (passout != nofree_passout) +OPENSSL_free(passout); OBJ_cleanup(); return (ret); } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
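Review bot: the chained assignment `passin = nofree_passin = NCONF_get_string(...)` in the second hunk makes the later ownership test depend on `passin` never being reassigned afterwards; a one-line comment at the `nofree_passin`/`nofree_passout` declarations saying they mirror config-owned pointers that must not be freed would protect that invariant from future edits. A boolean such as `passin_from_conf` would express the same intent more directly than a pointer comparison.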
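Review bot: the free guard in the cleanup hunk is correct for all three states: password given on the command line (`nofree_passin` stays NULL, `passin` is non-NULL and is freed), password taken from the config (both pointers equal, not freed), and no password at all (both NULL, the comparison is false and OPENSSL_free is skipped, which would have been harmless anyway). A short comment is warranted, since `if (passin != nofree_passin)` reads oddly without that context.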
[openssl-commits] [openssl] master update
The branch master has been updated via f04abe7d500eeebc078a0ffb0e82997d5f62b2df (commit) from c8cca980dc9a3d38eed6356219b84fcb5e257e0a (commit) - Log - commit f04abe7d500eeebc078a0ffb0e82997d5f62b2df Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Mar 3 23:30:42 2016 -0500 Improved HKDF and TLS1-PRF documentation Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/apps/pkeyutl.pod | 13 - doc/crypto/EVP_PKEY_HKDF.pod | 26 +- doc/crypto/EVP_PKEY_TLS1_PRF.pod | 13 - 3 files changed, 37 insertions(+), 15 deletions(-) diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod index 0426009..1c8e83f 100644 --- a/doc/apps/pkeyutl.pod +++ b/doc/apps/pkeyutl.pod @@ -123,12 +123,15 @@ derive a shared secret using the peer key. =item B<-kdf algorithm> -Use key derivation function B. Note: additional paramers -will normally have to be set and the KDF output length for this to work. +Use key derivation function B. The supported algorithms are +at present B and B. +Note: additional paramers and the KDF output length will normally have to be +set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)> +for the supported string parameters of each algorithm. =item B<-kdflen length> -Set the ouput length for KDF. +Set the output length for KDF. =item B<-pkeyopt opt:value> @@ -155,7 +158,6 @@ for all available algorithms. When used with the B<-engine> option, it specifies to also use engine B for crypto operations. - =back =head1 NOTES @@ -269,4 +271,5 @@ seed consisting of the single byte 0xFF. =head1 SEE ALSO L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)> -L<dgst(1)>, L<rsa(1)>, L<genrsa(1)> +L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>, +L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)> diff --git a/doc/crypto/EVP_PKEY_HKDF.pod b/doc/crypto/EVP_PKEY_HKDF.pod index d44e130..00c0a76 100644 --- a/doc/crypto/EVP_PKEY_HKDF.pod +++ b/doc/crypto/EVP_PKEY_HKDF.pod 
@@ -23,7 +23,7 @@ HMAC-based Extract-and-Expand key derivation algorithm =head1 DESCRIPTION -The EVP_PKEY_HKDF alogorithm implements the HKDF key derivation function. +The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function. HKDF follows the "extract-then-expand" paradigm, where the KDF logically consists of two modules. The first stage takes the input keying material and "extracts" from it a fixed-length pseudorandom key K. The second stage @@ -42,6 +42,17 @@ EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B bytes of the buffer B. If a value is already set, it is appended to the existing value. +=head1 STRING CTRLS + +HKDF also supports string based control operations via +L<EVP_PKEY_CTX_ctrl_str(3)>. +The B parameter "md" uses the supplied B as the name of the digest +algorithm to use. +The B parameters "salt", "key" and "info" use the supplied B +parameter as a B, B or B value. +The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex +string which is converted to binary. + =head1 NOTES All these functions are implemented as macros. @@ -56,9 +67,13 @@ an error occurs. The total length of the info buffer cannot exceed 1024 bytes in length: this should be more than enough for any normal use of HKDF. -The output length of the KDF is specified by the length parameter in the -EVP_PKEY_derive() function. Since the output length is variable, setting -the buffer to B is not meaningful for HKDF. +The output length of the KDF is specified via the length parameter to the +L<EVP_PKEY_derive(3)> function. +Since the HKDF output length is variable, passing a B buffer as a means +to obtain the requisite length is not meaningful with HKDF. +Instead, the caller must allocate a buffer of the desired length, and pass that +buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the +desired length. Optimised versions of HKDF can be implemented in an ENGINE. 
@@ -98,6 +113,7 @@ RFC 5869 =head1 SEE ALSO L<EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_derive(3)>, +L<EVP_PKEY_CTX_ctrl_str(3)>, +L<EVP_PKEY_derive(3)> =cut diff --git a/doc/crypto/EVP_PKEY_TLS1_PRF.pod b/doc/crypto/EVP_PKEY_TLS1_PRF.pod index e2a695d..e2264fc 100644 --- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod +++ b/doc/crypto/EVP_PKEY_TLS1_PRF.pod @@ -36,10 +36,13 @@ If a seed is already set it is appended to the existing value. =head1 STRING CTRLS The TLS PRF also supports string based control operations using -EVP_PKEY_CTX_ctrl_str(). The B parameters "secret" and "seed" use -the supplied B para
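Review bot: the rewritten `-kdf algorithm` paragraph in pkeyutl.pod carries the existing typo forward: the added line `+Note: additional paramers and the KDF output length will normally have to be` should read "additional parameters". The `-kdflen` correction ("ouput" to "output") in the same hunk is fine.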
[openssl-commits] [openssl] master update
The branch master has been updated via dca97e9bfdfbb62b9a4f664ee901a826bc338ad7 (commit) from 834aae2a99eeab7be8da4b8370188bc56f862e96 (commit) - Log - commit dca97e9bfdfbb62b9a4f664ee901a826bc338ad7 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sat Feb 20 18:17:28 2016 -0500 Work-around for proxy->s_server retry logic Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: util/TLSProxy/Proxy.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index 7d21f4e..96e3681 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -269,7 +269,9 @@ sub clientstart ); $retry--; -if (!$server_sock) { +if ($@ || !defined($server_sock)) { +$server_sock->close() if defined($server_sock); +undef $server_sock; if ($retry) { #Sleep for a short while select(undef, undef, undef, 0.1); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
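Review bot: the new condition `if ($@ || !defined($server_sock))` tests `$@`, but nothing in the hunk resets it before the connection attempt; if the constructor call above is wrapped in an eval, `$@` has to be cleared (or the eval's return value used) at the top of each retry, otherwise a failure on an earlier iteration leaves `$@` set and every later successful connect is closed and retried until `$retry` is exhausted. The added `close()` on a defined-but-failed socket before `undef` is the right cleanup.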
[openssl-commits] [openssl] master update
The branch master has been updated via 31305cdf9f5648a18c5a12854b08df7c9e4069fc (commit) from 6762a14779e262d181fd9e076919253201eec09e (commit) - Log - commit 31305cdf9f5648a18c5a12854b08df7c9e4069fc Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Feb 14 15:25:54 2016 -0500 Fixes to make no-deprecated work again Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/conf/conf_sap.c | 2 ++ crypto/engine/eng_all.c | 32 +++- crypto/init.c | 1 + 3 files changed, 6 insertions(+), 29 deletions(-) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 45c08e6..2021a02 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -75,6 +75,7 @@ static int openssl_configured = 0; +#if OPENSSL_API_COMPAT < 0x1010L void OPENSSL_config(const char *config_name) { OPENSSL_INIT_SETTINGS settings; @@ -83,6 +84,7 @@ void OPENSSL_config(const char *config_name) settings.config_name = strdup(config_name); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, ); } +#endif void openssl_config_internal(const char *config_name) { diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 6dceed6..6df6ef1 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c 
@@ -63,34 +63,8 @@ void ENGINE_load_builtin_engines(void) { /* Some ENGINEs need this */ OPENSSL_cpuid_setup(); -#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) -# ifdef ENGINE_load_cryptodev -ENGINE_load_cryptodev(); -# endif -#endif -#ifndef OPENSSL_NO_RDRAND -# ifdef ENGINE_load_rdrand -ENGINE_load_rdrand(); -# endif -#endif -# ifdef ENGINE_load_dynamic -ENGINE_load_dynamic(); -# endif -#ifndef OPENSSL_NO_STATIC_ENGINE -# ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_PADLOCK -# ifdef ENGINE_load_padlock -ENGINE_load_padlock(); -# endif -# endif -# endif -# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -# ifdef ENGINE_load_capi -ENGINE_load_capi(); -# endif -# endif -#endif -ENGINE_register_all_complete(); + +OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) @@ -98,7 +72,7 @@ void ENGINE_setup_bsd_cryptodev(void) { static int bsd_cryptodev_default_loaded = 0; if (!bsd_cryptodev_default_loaded) { -ENGINE_load_cryptodev(); +OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL); ENGINE_register_all_complete(); } bsd_cryptodev_default_loaded = 1; diff --git a/crypto/init.c b/crypto/init.c index e58b119..25e3dc7 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -57,6 +57,7 @@ #include #include +#include #include #include #include _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
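Review bot: the conf_sap.c hunk wraps OPENSSL_config() in an OPENSSL_API_COMPAT guard, which is fine, but the body it keeps still does `settings.config_name = strdup(config_name);` with no NULL handling; OPENSSL_config(NULL) is the usual way to request the default configuration, and strdup(NULL) is undefined behaviour, so pass a NULL config_name through unchanged and check the strdup result when it is not NULL. openssl_config_internal() below is unaffected.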
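Review bot: the ENGINE_load_builtin_engines() hunk removes the explicit `ENGINE_register_all_complete();` together with the per-engine loaders and replaces the lot with `OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL)`, while the ENGINE_setup_bsd_cryptodev() hunk keeps `ENGINE_register_all_complete();` after its OPENSSL_init_crypto call. Either OPENSSL_INIT_ENGINE_ALL_BUILTIN already registers the engines as defaults (in which case the cryptodev call is redundant) or it does not (in which case callers of ENGINE_load_builtin_engines() silently lose the registration they had); the two paths should be made consistent and the answer noted in a comment.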
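Review bot: the removed block only loaded cryptodev under `!defined(OPENSSL_NO_HW)`, but ENGINE_setup_bsd_cryptodev() now requests OPENSSL_INIT_ENGINE_CRYPTODEV under the OS check alone, so a no-hw build on OpenBSD/FreeBSD asks for an engine that may not be compiled in. Keep the OPENSSL_NO_HW condition on this function, or verify that the init flag is a no-op in that configuration.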
[openssl-commits] [openssl] master update
The branch master has been updated via ce3d25d3e5a7e82fd59fd30dff7acc39baed8b5e (commit) from e314c340736830a6fc0260cf72cc51ea0c227e9d (commit) - Log - commit ce3d25d3e5a7e82fd59fd30dff7acc39baed8b5e Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sat Feb 13 02:53:13 2016 -0500 Fix some issues near recent chomp changes. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: apps/CA.pl.in | 6 +++--- crypto/perlasm/x86_64-xlate.pl | 2 +- util/files.pl | 6 +++--- util/mk1mf.pl | 4 +++- util/mkfiles.pl| 4 ++-- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/apps/CA.pl.in b/apps/CA.pl.in index fbba457..f5e8e4a 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -120,9 +120,9 @@ if ($WHAT eq '-newcert' ) { close OUT; # ask user for existing CA certificate print "CA certificate filename (or enter to create)\n"; -$FILE = ; -$FILE = s|\R$|| if $FILE; -if ($FILE) { +$FILE = "" unless defined($FILE = ); +$FILE =~ s{\R$}{}; +if ($FILE ne "") { copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); } else { diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index a0b3bc0..0a023fb 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -850,7 +850,7 @@ ___ OPTION DOTNAME ___ } -while($line=<>) { +while(defined($line=<>)) { $line =~ s|\R$||; # Better chomp diff --git a/util/files.pl b/util/files.pl index d984196..32e7125 100755 --- a/util/files.pl +++ b/util/files.pl @@ -25,8 +25,8 @@ while (<>) { $b=$`; # Keep what is before the backslash $o.=$b." "; - $b=<>; - $b =~ s|\R$||; # Better chomp + $b = "" unless defined($b = <>); + $b =~ s{\R$}{}; } else { @@ -43,7 +43,7 @@ while (<>) } } -$pwd=`pwd`; $pwd =~ s|\R$||; +($pwd=`pwd`) =~ s{\R$}{}; if ($sym{'TOP'} eq ".") { diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 3a9f0d7..f29e50b 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl 
@@ -553,8 +553,10 @@ if ($fips) { open (IN, "util/fipslib_path.txt") || fipslib_error(); $fipslibdir = ; - $fipslibdir =~ s|\R$||; close IN; + $fipslibdir = "" unless defined($fipslibdir); + $fipslibdir =~ s{\R$}{}; + fipslib_error() if ($fipslibdir eq ""); } fips_check_files($fipslibdir, "fipscanister.lib", "fipscanister.lib.sha1", diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 4fbe29a..55dfbc6 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -107,8 +107,8 @@ while () { $b=$`; $o.=$b." "; - $b=; - $b =~ s|\R$||; + $b = "" unless defined($b = ); + $b =~ s{\R$}{}; } else { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
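Review bot: the replaced line `$FILE = s|\R$|| if $FILE;` in CA.pl.in used `=` where `=~` was intended, so it assigned the result of a substitution on `$_` to `$FILE` instead of stripping the line ending from the filename; the new `$FILE =~ s{\R$}{};` fixes that, and the `defined` test handles EOF on stdin, where the old truthiness test also treated a filename of "0" as absent. That is a behaviour fix rather than a chomp cleanup and deserves a mention in the commit message.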
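Review bot: in the mk1mf.pl hunk `fipslib_error()` now fires when fipslib_path.txt is empty or missing, which is an improvement, but a file containing only whitespace still passes the `eq ""` test and yields a bogus `$fipslibdir`; trimming with `s/^\s+|\s+$//g` before the check would close that gap. Moving the `close IN` ahead of the checks is fine.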
[openssl-commits] [openssl] master update
The branch master has been updated via 82049c543cb71619bc23b4e2313f3f3eb405660a (commit) from 7687f5255011a5a3ca75e8c5427683d58ae411c0 (commit) - Log - commit 82049c543cb71619bc23b4e2313f3f3eb405660a Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Feb 12 16:36:06 2016 -0500 Move brace outside #ifdef Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/statem/statem_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 6d4a536..8effb0f 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -623,8 +623,8 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pk) return SSL_PKEY_GOST12_256; case NID_id_GostR3410_2012_512: return SSL_PKEY_GOST12_512; -} #endif +} } int ssl_verify_alarm_type(long type) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
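Review bot: the switch's closing `}` was inside `#ifndef OPENSSL_NO_GOST`, so a no-gost build of ssl_cert_type() had an unterminated switch and function body; moving the brace below `#endif` is the right fix. Since the breakage came from the immediately preceding refactor, adding a no-gost (and no-ec) configuration to the regular build matrix would catch this class of conditional-compilation error before merge.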
[openssl-commits] [openssl] master update
The branch master has been updated via 17a723885e8a875fc19d5140f580f80a113ba78f (commit) from 27f172d9a3f3ec9901439b4823c95788598fa367 (commit) - Log - commit 17a723885e8a875fc19d5140f580f80a113ba78f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Feb 10 23:53:54 2016 -0500 Simplify ssl_cert_type() by taking advantage of X509_get0_pubkey Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/statem/statem_lib.c | 51 +++-- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 49b5e48..6d4a536 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c 
@@ -599,43 +599,32 @@ int tls_get_message_body(SSL *s, unsigned long *len) return 1; } -int ssl_cert_type(X509 *x, EVP_PKEY *pkey) +int ssl_cert_type(X509 *x, EVP_PKEY *pk) { -EVP_PKEY *pk; -int ret = -1, i; - -if (pkey == NULL) -pk = X509_get_pubkey(x); -else -pk = pkey; -if (pk == NULL) -goto err; - -i = EVP_PKEY_id(pk); -if (i == EVP_PKEY_RSA) { -ret = SSL_PKEY_RSA_ENC; -} else if (i == EVP_PKEY_DSA) { -ret = SSL_PKEY_DSA_SIGN; -} +if (pk == NULL && +(pk = X509_get0_pubkey(x)) == NULL) +return -1; + +switch (EVP_PKEY_id(pk)) { +default: +return -1; +case EVP_PKEY_RSA: +return SSL_PKEY_RSA_ENC; +case EVP_PKEY_DSA: +return SSL_PKEY_DSA_SIGN; #ifndef OPENSSL_NO_EC -else if (i == EVP_PKEY_EC) { -ret = SSL_PKEY_ECC; -} +case EVP_PKEY_EC: +return SSL_PKEY_ECC; #endif #ifndef OPENSSL_NO_GOST -else if (i == NID_id_GostR3410_2001) { -ret = SSL_PKEY_GOST01; -} else if (i == NID_id_GostR3410_2012_256) { -ret = SSL_PKEY_GOST12_256; -} else if (i == NID_id_GostR3410_2012_512) { -ret = SSL_PKEY_GOST12_512; +case NID_id_GostR3410_2001: +return SSL_PKEY_GOST01; +case NID_id_GostR3410_2012_256: +return SSL_PKEY_GOST12_256; +case NID_id_GostR3410_2012_512: +return SSL_PKEY_GOST12_512; } #endif - - err: -if (!pkey) -EVP_PKEY_free(pk); -return (ret); } int ssl_verify_alarm_type(long type) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
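Review bot: in the rewritten ssl_cert_type() the switch's closing `}` sits inside `#ifndef OPENSSL_NO_GOST` (the lines `+return SSL_PKEY_GOST12_512;`, `}`, `#endif`), so with OPENSSL_NO_GOST defined the switch is never closed and the file fails to compile; the `}` belongs below the `#endif`. The move to X509_get0_pubkey() is otherwise sound: it returns a borrowed reference, so the old `err:` path that conditionally freed `pk` is correctly gone and the early `return -1` leaks nothing.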
[openssl-commits] [openssl] master update
The branch master has been updated via ce023e77d7b208016276157fa14a6e2636649e85 (commit) from 24f0b10462792c202a0fe1952974fcace1e2c563 (commit) - Log - commit ce023e77d7b208016276157fa14a6e2636649e85 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Feb 11 13:44:53 2016 -0500 Fix MacOS/X build warnings Commit 7823d792d0cad3b44ad5389a8d3381becefe7f44 added DEFINE_LHASH_OF to a C source file. DEFINE_LHASH_OF() and DEFINE_STACK_OF() must be used only in header files to avoid clang warnings for unused static-inline functions. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/ssl_cert.c | 2 -- ssl/ssl_locl.h | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index cc82fff..faa7a95 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -647,8 +647,6 @@ static unsigned long xname_hash(const X509_NAME *a) return X509_NAME_hash((X509_NAME *)a); } -DEFINE_LHASH_OF(X509_NAME); - /** * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * it doesn't really have anything to do with clients (except that a common use diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d7a7d01..7fdb263 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -685,7 +685,8 @@ struct ssl_comp_st { }; DEFINE_LHASH_OF(SSL_SESSION); - +/* Needed in ssl_cert.c */ +DEFINE_LHASH_OF(X509_NAME); struct ssl_ctx_st { const SSL_METHOD *method; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
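Review bot: the ssl_locl.h hunk drops the blank line between the DEFINE_LHASH_OF() block and `struct ssl_ctx_st`; keep the separator for readability. The `/* Needed in ssl_cert.c */` comment is useful, but since ssl_locl.h is included by every ssl/ source the X509_NAME hash helpers are now instantiated in all of them; that is the intended trade-off (static inline helpers defined in headers are exempt from clang's unused-function warning, which is what the commit message relies on), so nothing further to change.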
[openssl-commits] [openssl] master update
The branch master has been updated via 5e136d7abf0945664fa40c7a032abed13fd15c81 (commit) via d33def662443c4b534c6b261a3b01f3960339c78 (commit) from 056be06b4dfd7eaf7914febd043e9b446e1ed772 (commit) - Log - commit 5e136d7abf0945664fa40c7a032abed13fd15c81 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Feb 9 14:18:15 2016 -0500 Improve recent option help string additions Make these more correct, concise and less tautological. Reviewed-by: Stephen Henson <st...@openssl.org> commit d33def662443c4b534c6b261a3b01f3960339c78 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Feb 9 14:17:13 2016 -0500 Deprecate the -issuer_checks debugging option This was a developer debugging feature and was never a useful public interface. Added all missing X509 error codes to the verify(1) manpage, but many still need a description beyond the associated text string. Sorted the errors in x509_txt.c by error number. Reviewed-by: Stephen Henson <st...@openssl.org> --- Summary of changes: apps/apps.h| 60 +- apps/opt.c | 2 +- crypto/x509/x509_txt.c | 27 +++-- crypto/x509/x509_vfy.c | 11 +- doc/apps/cms.pod | 11 +- doc/apps/ocsp.pod | 11 +- doc/apps/s_client.pod | 11 +- doc/apps/s_server.pod | 14 +-- doc/apps/smime.pod | 11 +- doc/apps/verify.pod| 171 + doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 8 +- include/openssl/x509_vfy.h | 14 +-- 12 files changed, 228 insertions(+), 123 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index 3c132e7..8ac7c03 100644 --- a/apps/apps.h +++ b/apps/apps.h 
@@ -194,47 +194,49 @@ void wait_for_async(SSL *s); # define OPT_V_OPTIONS \ { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \ { "purpose", OPT_V_PURPOSE, 's', \ -"Set the acceptable purpose of the certificate chain"}, \ -{ "verify_name", OPT_V_VERIFY_NAME, 's', "verify name"}, \ +"certificate chain purpose"}, \ +{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \ { "verify_depth", OPT_V_VERIFY_DEPTH, 'p', \ -"Limit the maximum depth of the certificate chain"}, \ -{ "attime", OPT_V_ATTIME, 'M', "Set the verification time" }, \ +"chain depth limit"}, \ +{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ -"check peer certificate matches \"host\"" }, \ +"expected peer hostname" }, \ { "verify_email", OPT_V_VERIFY_EMAIL, 's', \ -"check peer certificate matches \"email\"" }, \ +"expected peer email" }, \ { "verify_ip", OPT_V_VERIFY_IP, 's', \ -"check peer certificate matches \"ipaddr\"" }, \ +"expected peer IP address" }, \ { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \ -"Disable critical extension checking"}, \ -{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', \ -"Enable debugging of certificate issuer checks"}, \ -{ "crl_check", OPT_V_CRL_CHECK, '-', "Check that peer cert has not been revoked" }, \ -{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in the chain" }, \ -{ "policy_check", OPT_V_POLICY_CHECK, '-', "Enable certificate policy checking"}, \ -{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', "Set the \"require explicit policy\""}, \ -{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', "Set the \"inhibit any policy\"\""}, \ -{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', "Set the \"inhibit policy mapping\"" }, \ +"permit unhandled critical extensions"}, \ +{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \ +{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \ +{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full 
chain
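Review bot: the help-string hunk leaves the first entry, `{ "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}`, in the old sentence style while every other entry is rewritten as a short noun phrase ("certificate chain purpose", "expected peer hostname", "chain depth limit"); for consistency it should become something like "acceptable policy OID". Also, "(deprecated)" for `issuer_checks` tells the user nothing about what happens when it is passed; "(deprecated, no effect)" would, if that is what the x509_vfy.c change listed in the summary implements.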
[openssl-commits] [openssl] master update
The branch master has been updated via c0a445a9f279d8c4a519b58e52a50112f2341070 (commit) from 2d9a9d8aac9c365cd36c072b72cba2525e63c454 (commit) - Log - commit c0a445a9f279d8c4a519b58e52a50112f2341070 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Feb 7 19:07:57 2016 -0500 Suppress DANE TLSA reflection when verification fails As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa() are expected to return a negative match depth and nothing else when verification fails. However, this only happened when verification failed during chain construction. Errors in verification of the constructed chain did not have the intended effect on these functions. This commit updates the functions to check for verify_result == X509_V_OK, and no longer erases any accumulated match information when chain construction fails. Sophisticated developers can, with care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA info even when verification fails. They must of course first check and save the real error, and restore the original error as quickly as possible. Hiding by default seems to be the safer interface. Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find matching TLSA records. Previously reported via X509_V_ERR_CERT_UNTRUSTED. This also changes the "-brief" output from s_client to include verification results and TLSA match information. Mentioned session resumption in code example in SSL_CTX_dane_enable(3). Also mentioned that depths returned are relative to the verified chain which is now available via SSL_get0_verified_chain(3). Added a few more test-cases to danetest, that exercise the new code. Resolved thread safety issue in use of static buffer in X509_verify_cert_error_string(). Fixed long-standing issue in apps/s_cb.c which always sets verify_error to either X509_V_OK or "chain to long", code elsewhere (e.g. s_time.c), seems to expect the actual error. 
[ The new chain construction code is expected to correctly generate "chain too long" errors, so at some point we need to drop the work-arounds, once SSL_set_verify_depth() is also fixed to propagate the depth to X509_STORE_CTX reliably. ] Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/s_apps.h | 1 + apps/s_cb.c | 78 +- apps/s_client.c | 16 +--- crypto/x509/x509_txt.c | 10 ++- crypto/x509/x509_vfy.c | 8 +- doc/apps/s_client.pod | 9 +- doc/ssl/SSL_CTX_dane_enable.pod | 30 ++- include/openssl/x509_vfy.h | 2 + ssl/ssl_lib.c | 4 +- test/certs/mkcert.sh| 2 +- test/danetest.c | 8 ++ test/danetest.in| 178 12 files changed, 294 insertions(+), 52 deletions(-) diff --git a/apps/s_apps.h b/apps/s_apps.h index e9b6f40..8e12c21 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -192,6 +192,7 @@ void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc); void ssl_excert_free(SSL_EXCERT *exc); int args_excert(int option, SSL_EXCERT **pexc); int load_excert(SSL_EXCERT **pexc); +void print_verify_detail(SSL *s, BIO *bio); void print_ssl_summary(SSL *s); #ifdef HEADER_SSL_H int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, diff --git a/apps/s_cb.c b/apps/s_cb.c index 096471a8..30c9147 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -167,7 +167,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (verify_depth >= depth) { if (!verify_return_error) ok = 1; -verify_error = X509_V_OK; +verify_error = err; } else { ok = 0; verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; 
@@ -1086,6 +1086,80 @@ static void print_raw_cipherlist(SSL *s) BIO_puts(bio_err, "\n"); } +/* + * Hex encoder for TLSA RRdata, not ':' delimited. + */ +static char *hexencode(const unsigned char *data, size_t len) +{ +static const char *hex = "0123456789abcdef"; +char *out; +char *cp; +size_t outlen = 2 * len + 1; +int ilen = (int) outlen; + +if (outlen < len || ilen < 0 || outlen != (size_t)ilen) { +BIO_printf(bio_err, "%s: %" PRIu64 "-byte buffer too large to hexencode\n", + opt_getprog(), (uint64_t)len); +exit(1); +} +cp = out = app_malloc(ilen, "TLSA hex data buffer"); + +while (ilen-- > 0) { +*cp++ = hex[(*data >> 4) & 0x0f]; +*cp++ = hex[
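Review bot: in the verify_callback hunk, `verify_error = err;` now records the real verification error instead of clobbering it with X509_V_OK when `ok` is forced to 1 for a depth within the limit, which is what the commit message says s_time.c expects. One consequence worth a comment at the assignment: `verify_error` is a single global, so on a chain that reports several errors it ends up holding the last one the callback saw, not the first or the most severe.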
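Review bot: hexencode() in the s_cb.c hunk loops `while (ilen-- > 0)` but writes two characters per iteration; `ilen` is the whole output size (2 * len + 1), so the loop emits up to 2 * ilen bytes into an `ilen`-byte allocation from app_malloc() and walks `data` well past its `len` input bytes. The loop should count down `len` (one input byte, two hex digits per iteration) and write the terminating `'\0'` afterwards; with `len` as the counter the `outlen < len` wraparound check and the `int` range check above it are sufficient.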
[openssl-commits] [openssl] master update
The branch master has been updated via d1b105827aef49ae16fd2d321bafa92b1a6489c9 (commit) from 48cc4ad020213c83c34b225820522fe64163b522 (commit) - Log - commit d1b105827aef49ae16fd2d321bafa92b1a6489c9 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sat Feb 6 15:17:11 2016 -0500 Allocate bio_err before turning on memleak checks Reviewed-by: Tim Hudson <t...@openssl.org> --- Summary of changes: test/danetest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/danetest.c b/test/danetest.c index 92a3b1b..cad751f 100644 --- a/test/danetest.c +++ b/test/danetest.c @@ -471,6 +471,8 @@ int main(int argc, char *argv[]) CAfile = argv[2]; tlsafile = argv[3]; +bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + p = getenv("OPENSSL_DEBUG_MEMORY"); if (p != NULL && strcmp(p, "on") == 0) CRYPTO_set_mem_debug(1); @@ -483,8 +485,6 @@ int main(int argc, char *argv[]) return 0; } -bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - SSL_library_init(); SSL_load_error_strings(); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
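Review bot: moving `bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);` above CRYPTO_set_mem_debug(1) keeps the BIO out of the leak report, but the early `return 0;` visible as context in the second hunk now executes with bio_err already allocated; make sure that path releases it (or is one where the leak check is not armed), otherwise the test binary reports a leak of its own error BIO.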
[openssl-commits] [openssl] master update
The branch master has been updated via cc5a9ba485b988b036974cf682cda35180788446 (commit) from 424d5db24803d2e4e1e406eb73262dea76761da4 (commit) - Log - commit cc5a9ba485b988b036974cf682cda35180788446 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Feb 3 16:45:39 2016 -0500 Restore -no_comp switch for backwards compatible behaviour Reviewed-by: Emilia Käsper <emi...@openssl.org> --- Summary of changes: apps/apps.h | 6 -- doc/apps/s_client.pod| 15 +++ doc/apps/s_server.pod| 15 +++ doc/ssl/SSL_CONF_cmd.pod | 11 ++- ssl/ssl_conf.c | 4 +++- util/TLSProxy/Proxy.pm | 2 +- 6 files changed, 48 insertions(+), 5 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index 52e57f8..15a044e 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -285,11 +285,11 @@ void wait_for_async(SSL *s); # define OPT_S_ENUM \ OPT_S__FIRST=3000, \ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ -OPT_S_BUGS, OPT_S_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \ +OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ -OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \ +OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \ OPT_S__LAST # define OPT_S_OPTIONS \ @@ -298,6 +298,7 @@ void wait_for_async(SSL *s); {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \ {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \ {"bugs", OPT_S_BUGS, '-' }, \ +{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \ {"no_ticket", OPT_S_NOTICKET, '-' }, \ @@ -327,6 +328,7 @@ void wait_for_async(SSL *s); case OPT_S_NOTLS1_1: \ case OPT_S_NOTLS1_2: \ case OPT_S_BUGS: \ +case OPT_S_NO_COMP: \ case OPT_S_COMP: \ case OPT_S_ECDHSINGLE: \ case OPT_S_NOTICKET: \ 
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 2d5ef41..e9f3280 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -71,6 +71,8 @@ B B [B<-fallback_scsv>] [B<-async>] [B<-bugs>] +[B<-comp>] +[B<-no_comp>] [B<-cipher cipherlist>] [B<-serverpref>] [B<-starttls protocol>] @@ -326,6 +328,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine there are several known bug in SSL and TLS implementations. Adding this option enables various workarounds. +=item B<-comp> + +Enables support for SSL/TLS compression. +This option was introduced in OpenSSL 1.1.0. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0. + +=item B<-no_comp> + +Disables support for SSL/TLS compression. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0. + =item B<-brief> only provide a brief summary of connection parameters instead of the diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 59d600d..b9ef5e6 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -77,6 +77,8 @@ B B [B<-no_tls1>] [B<-no_dhe>] [B<-bugs>] +[B<-comp>] +[B<-no_comp>] [B<-brief>] [B<-www>] [B<-WWW>] @@ -313,6 +315,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine there are several known bug in SSL and TLS implementations. Adding this option enables various workarounds. +=item B<-comp> + +Enable negotiation of TLS compression. +This option was introduced in OpenSSL 1.1.0. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0. + +=item B<-no_comp> + +Disable negotiation of TLS compression. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0. + =item B<-brief> only provide a brief summary of connection parameters instead of the diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 6947865..b3c9df9 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod 
@@ -133,7 +133,16 @@ Various bug workarounds are set, same as setting B. =item B<-comp> -Enables support for SSL/TLS compression, same as clearing B. +Enables support for SSL/TLS compression, same as clearing +B. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default. + +=item B<-no_comp> +
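Review bot: the two man pages word the same switch differently: s_client.pod says "Enables support for SSL/TLS compression" while s_server.pod says "Enable negotiation of TLS compression", and SSL_CONF_cmd.pod documents the same -comp/-no_comp pair a third way. Pick one phrasing and use it in all three, since they describe one option.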
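Review bot: in the apps.h hunk OPT_S_NO_COMP takes the enum slot that OPT_S_COMP occupied and OPT_S_COMP moves to the end of OPT_S_ENUM, so its numeric value changes. That is harmless because the OPT_S_* values are private to the apps, but it deserves a sentence in the commit message so nobody mistakes it for an accidental reorder.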
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via a3baa171053547488475709c7197592c66e427cf (commit) from 093d20a8cb74e64d627fcd03532ba6b3150f1d1f (commit) - Log - commit a3baa171053547488475709c7197592c66e427cf Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Feb 2 04:35:27 2016 -0500 Fix missing ok=0 with locally blacklisted CAs Also in X509_verify_cert() avoid using "i" not only as a loop counter, but also as a trust outcome and as an error ordinal. Finally, make sure that all "goto end" jumps return an error, with "end" renamed to "err" accordingly. [ The 1.1.0 version of X509_verify_cert() is major rewrite, which addresses these issues in a more systemic way. ] Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/x509/x509_vfy.c | 70 -- 1 file changed, 40 insertions(+), 30 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 0429767..4d34dba 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -194,6 +194,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) int num, j, retry; int (*cb) (int xok, X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp = NULL; +int trust = X509_TRUST_UNTRUSTED; +int err; + if (ctx->cert == NULL) { X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); return -1; @@ -216,7 +219,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (((ctx->chain = sk_X509_new_null()) == NULL) || (!sk_X509_push(ctx->chain, ctx->cert))) { X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -goto end; +ok = -1; +goto err; } CRYPTO_add(>cert->references, 1, CRYPTO_LOCK_X509); ctx->last_untrusted = 1; @@ -225,7 +229,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -goto end; +ok = -1; +goto err; } num = sk_X509_num(ctx->chain); 
@@ -249,7 +254,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { ok = ctx->get_issuer(, ctx, x); if (ok < 0) -goto end; +goto err; /* * If successful for now free up cert so it will be picked up * again later. @@ -266,7 +271,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (xtmp != NULL) { if (!sk_X509_push(ctx->chain, xtmp)) { X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -goto end; +ok = -1; +goto err; } CRYPTO_add(>references, 1, CRYPTO_LOCK_X509); (void)sk_X509_delete_ptr(sktmp, xtmp); @@ -314,7 +320,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) bad_chain = 1; ok = cb(0, ctx); if (!ok) -goto end; +goto err; } else { /* * We have a match: replace certificate with store @@ -347,25 +353,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->get_issuer(, ctx, x); if (ok < 0) -goto end; +goto err; if (ok == 0) break; x = xtmp; if (!sk_X509_push(ctx->chain, x)) { X509_free(xtmp); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -ok = 0; -goto end; +ok = -1; +goto err; } num++; } /* we now have our chain, lets check it... */ -i = check_trust(ctx); +if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) { +/* Callback already issued */ +ok = 0; +goto err; +} -/* If explicitly rejected error */ -if (i == X509_TRUST_REJECTED) -goto end; /* * If it's not explicitly trusted then check if there is an alternative * chain that could be used. We only do this if we haven't already @@ -373,14 +380,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * chain checking */ retry = 0; -if (i != X509_TRUST_TRUSTED +if (trust != X509_TRUST_TRUSTED && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
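Review bot: the check_trust hunk (@@ -347,25 +353,26 @@) is the real fix and deserves a regression test: before the change, X509_TRUST_REJECTED jumped to `end` with `ok` still 1 from the last successful get_issuer() call, so a chain ending in a locally rejected (blacklisted) CA could verify successfully. The new `ok = 0; goto err;` returns failure, and the "Callback already issued" comment is accurate because check_trust() invokes the verify callback itself. A test that loads a trust-store entry carrying a reject OID for the issuing CA and asserts that X509_verify_cert() returns 0 would keep this closed.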
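Review bot: the malloc-failure paths (the hunks at @@ -216, @@ -225, @@ -266 and @@ -347) now set `ok = -1` before `goto err`, where the last of them previously set `ok = 0`. Returning -1 for internal errors is consistent with the `return -1` for `ctx->cert == NULL` at the top of the function, but it is a visible change for callers that test for `== 0`, so say so in the commit message. Also, `int err;` is added in the first hunk but none of the visible hunks use it; confirm it is assigned and read further down, or drop it, so -Wunused-variable builds stay clean.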
[openssl-commits] [openssl] master update
The branch master has been updated via 8143aa6f3474bbe103b0bd0ea79944803597990b (commit) from a9052bed9e485a614dd44c6ae8f8c0e84c3205df (commit) - Log - commit 8143aa6f3474bbe103b0bd0ea79944803597990b Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Feb 5 21:25:05 2016 -0500 Add missing static declarations in dtlsv1listentest.c Clang rightly does not like extern symbols that are not declared in any header file, as typically these are not intended for global visibility and are exposed in error. This was indeed the case with various file-scope objects in dtlsv1listentest.c. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: test/dtlsv1listentest.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c index 28b493e..4b616a7 100644 --- a/test/dtlsv1listentest.c +++ b/test/dtlsv1listentest.c @@ -65,7 +65,7 @@ #include "e_os.h" /* Just a ClientHello without a cookie */ -const unsigned char clienthello_nocookie[] = { +static const unsigned char clienthello_nocookie[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ @@ -91,7 +91,7 @@ const unsigned char clienthello_nocookie[] = { }; /* First fragment of a ClientHello without a cookie */ -const unsigned char clienthello_nocookie_frag[] = { +static const unsigned char clienthello_nocookie_frag[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ @@ -111,7 +111,7 @@ const unsigned char clienthello_nocookie_frag[] = { }; /* First fragment of a ClientHello which is too short */ -const unsigned char clienthello_nocookie_short[] = { +static const unsigned char clienthello_nocookie_short[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ 
@@ -130,7 +130,7 @@ const unsigned char clienthello_nocookie_short[] = { }; /* Second fragment of a ClientHello */ -const unsigned char clienthello_2ndfrag[] = { +static const unsigned char clienthello_2ndfrag[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ @@ -156,7 +156,7 @@ const unsigned char clienthello_2ndfrag[] = { }; /* A ClientHello with a good cookie */ -const unsigned char clienthello_cookie[] = { +static const unsigned char clienthello_cookie[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ @@ -184,7 +184,7 @@ const unsigned char clienthello_cookie[] = { }; /* A fragmented ClientHello with a good cookie */ -const unsigned char clienthello_cookie_frag[] = { +static const unsigned char clienthello_cookie_frag[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ @@ -207,7 +207,7 @@ const unsigned char clienthello_cookie_frag[] = { /* A ClientHello with a bad cookie */ -const unsigned char clienthello_badcookie[] = { +static const unsigned char clienthello_badcookie[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ @@ -235,7 +235,7 @@ const unsigned char clienthello_badcookie[] = { }; /* A fragmented ClientHello with the fragment boundary mid cookie */ -const unsigned char clienthello_cookie_short[] = { +static const unsigned char clienthello_cookie_short[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ @@ -257,14 +257,14 @@ const unsigned char clienthello_cookie_short[] = { }; /* Bad record - too short */ -const unsigned char record_short[] = { +static const unsigned char record_short[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /* Record sequence number */ }; -const unsigned char verify[] = { +static const unsigned char verify[] = { 0x16, /* Handshake */ 0xFE, 0xFF, /* DTLSv1.0 */ 0x00, 0x00, /* Epoch */ 
@@ -281,7 +281,7 @@ const unsigned char verify[] = { 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */ }; -struct { +static struct { const unsigned char *in; unsigned int inlen; /* _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
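Review bot: the `static` qualifiers are right for file-local fixtures, and the last hunk (@@ -281) also makes the anonymous test-vector `struct { ... }` table static. Since these arrays were previously exported symbols, confirm with a full test build that no other test source referenced them by name, and consider marking the table `const` as well if nothing writes to it.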
[openssl-commits] [openssl] master update
The branch master has been updated via 4c35c936618ef31667784f56c7a64552f2ea9fb8 (commit) from ef2499298b26fa84594c8e85fd645bc75179cfdd (commit) - Log - commit 4c35c936618ef31667784f56c7a64552f2ea9fb8 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Feb 3 18:32:25 2016 -0500 Handle localhost being either 127.0.0.1 or ::1 When connecting to "localhost" the Proxy's choice of client address family may not match the server's choice address family. Without MultiHomed => 1, the proxy may try the wrong address family first, and give up without trying the other. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: util/TLSProxy/Proxy.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index dab3d34..283c765 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -261,6 +261,7 @@ sub clientstart $server_sock = $IP_factory->( PeerAddr => $servaddr, PeerPort => $self->server_port, +MultiHomed => 1, Proto => 'tcp' ); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
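Review bot: `MultiHomed => 1` in the clientstart hunk makes IO::Socket try every address that "localhost" resolves to instead of giving up after the first family, which addresses the 127.0.0.1/::1 mismatch the commit message describes. It only affects the proxy's outgoing connection, so the listening side still has to accept whichever family the resolver returns. A one-line comment next to the option saying why it is there (dual-stack localhost) would save the next reader a trip to the commit log.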
[openssl-commits] [openssl] master update
The branch master has been updated via 0c20802c6a6008b28bfb0eac67d69f536edc60a7 (commit) from 43d6702de97d2d5b5b825ffea772b9f55635688c (commit) - Log - commit 0c20802c6a6008b28bfb0eac67d69f536edc60a7 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Feb 2 00:37:41 2016 -0500 Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling Also fix option processing in pkeyutl to allow use of (formerly) "out-of-order" switches that were needless implementation limitations. Handle documented "ENGINE" form with -keyform and -peerform. Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA. RT2018 Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/apps.c | 43 +++-- apps/apps.h | 3 +- apps/opt.c | 27 + apps/pkeyutl.c | 105 ++- apps/rsautl.c| 9 ++--- doc/apps/pkeyutl.pod | 8 ++-- doc/apps/rsautl.pod | 5 +++ 7 files changed, 128 insertions(+), 72 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 9b55f82..7a4608f 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -763,20 +763,22 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "no keyfile specified\n"); goto end; } -#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { -if (!e) +if (e == NULL) BIO_printf(bio_err, "no engine specified\n"); else { +#ifndef OPENSSL_NO_ENGINE pkey = ENGINE_load_private_key(e, file, ui_method, _data); -if (!pkey) { +if (pkey == NULL) { BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip); ERR_print_errors(bio_err); } +#else +BIO_printf(bio_err, "engines not supported\n"); +#endif } goto end; } -#endif if (file == NULL && maybe_stdin) { unbuffer(stdin); key = dup_bio_in(format); 
@@ -831,15 +833,22 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "no keyfile specified\n"); goto end; } -#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { -if (!e) +if (e == NULL) BIO_printf(bio_err, "no engine specified\n"); -else +else { +#ifndef OPENSSL_NO_ENGINE pkey = ENGINE_load_public_key(e, file, ui_method, _data); +if (pkey == NULL) { +BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip); +ERR_print_errors(bio_err); +} +#else +BIO_printf(bio_err, "engines not supported\n"); +#endif +} goto end; } -#endif if (file == NULL && maybe_stdin) { unbuffer(stdin); key = dup_bio_in(format); @@ -850,8 +859,8 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, if (format == FORMAT_ASN1) { pkey = d2i_PUBKEY_bio(key, NULL); } -#ifndef OPENSSL_NO_RSA else if (format == FORMAT_ASN1RSA) { +#ifndef OPENSSL_NO_RSA RSA *rsa; rsa = d2i_RSAPublicKey_bio(key, NULL); if (rsa) { @@ -860,8 +869,12 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else +#else +BIO_printf(bio_err, "RSA keys not supported\n"); +#endif pkey = NULL; } else if (format == FORMAT_PEMRSA) { +#ifndef OPENSSL_NO_RSA RSA *rsa; rsa = PEM_read_bio_RSAPublicKey(key, NULL, (pem_password_cb *)password_callback, @@ -872,9 +885,11 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else +#else +BIO_printf(bio_err, "RSA keys not supported\n"); +#endif pkey = NULL; } -#endif else if (format == FORMAT_PEM) { pkey = PEM_read_bio_PUBKEY(key, NULL, (pem_password_cb *)password_callback, @@ -1907,7 +1922,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) else len = 1024; len = BIO_read(in, tbuf, len); -if (len <= 0) +if (len < 0) { +BIO_free(mem); +return -1; +} +if (len == 0) break; if (BIO_write(mem, tbuf, len) != len) { BIO_free(mem); @@ -1924,7 +1943,7 @@ int bio_to_mem(unsigned char **out, i
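Review bot: in the load_key and load_pubkey FORMAT_ENGINE hunks the `e == NULL` test runs before the `#ifndef OPENSSL_NO_ENGINE` block, so in an engine-less build (where `e` is always NULL) the user is told "no engine specified" rather than "engines not supported". Move the OPENSSL_NO_ENGINE message ahead of the NULL check so the diagnostic matches the build.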
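Review bot: the FORMAT_ASN1RSA and FORMAT_PEMRSA hunks in load_pubkey end with a `} else` that is closed by `pkey = NULL;` on the far side of `#else`/`#endif`. It compiles in both configurations, but a dangling `else` that spans preprocessor arms is easy to break on the next edit; set `pkey = NULL;` explicitly inside each arm (or initialise it before the `#ifndef`) and close the braces within the same arm.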
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 5df0bde60ebf2718d5aef18c4a9fdfd230928981 (commit) from a2bab12a331b6764804913d08e2e472c9e5d13ae (commit) - Log - commit 5df0bde60ebf2718d5aef18c4a9fdfd230928981 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Feb 1 23:37:42 2016 -0500 Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling Also fix option processing in pkeyutl to allow use of (formerly) "out-of-order" switches that were needless implementation limitations. RT2018 Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/apps.c| 8 -- apps/apps.h| 2 +- apps/pkeyutl.c | 90 ++ apps/rsautl.c | 6 ++-- 4 files changed, 63 insertions(+), 43 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 2e77805..b1dd970 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2442,7 +2442,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) else len = 1024; len = BIO_read(in, tbuf, len); -if (len <= 0) +if (len < 0) { +BIO_free(mem); +return -1; +} +if (len == 0) break; if (BIO_write(mem, tbuf, len) != len) { BIO_free(mem); @@ -2459,7 +2463,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) return ret; } -int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) { int rv; char *stmp, *vtmp = NULL; diff --git a/apps/apps.h b/apps/apps.h index 8276e70..19bf5cc 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -321,7 +321,7 @@ int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err, X509_VERIFY_PARAM **pm); void policies_print(BIO *out, X509_STORE_CTX *ctx); int bio_to_mem(unsigned char **out, int maxlen, BIO *in); -int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value); int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, const char *algname, ENGINE *e, int do_param); int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, 
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index c8d513b..e47206c 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -73,7 +73,7 @@ static void usage(void); #define PROG pkeyutl_main static EVP_PKEY_CTX *init_ctx(int *pkeysize, - char *keyfile, int keyform, int key_type, + const char *keyfile, int keyform, int key_type, char *passargin, int pkey_op, ENGINE *e, int impl); @@ -99,10 +99,12 @@ int MAIN(int argc, char **argv) char *passargin = NULL; int keysize = -1; int engine_impl = 0; - unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; -size_t buf_outlen; +size_t buf_outlen = 0; int buf_inlen = 0, siglen = -1; +const char *inkey = NULL; +const char *peerkey = NULL; +STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; int ret = 1, rv = -1; @@ -136,21 +138,13 @@ int MAIN(int argc, char **argv) } else if (!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; -else { -ctx = init_ctx(, - *(++argv), keyform, key_type, - passargin, pkey_op, e, engine_impl); -if (!ctx) { -BIO_puts(bio_err, "Error initializing context\n"); -ERR_print_errors(bio_err); -badarg = 1; -} -} +else +inkey = *++argv; } else if (!strcmp(*argv, "-peerkey")) { if (--argc < 1) badarg = 1; -else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e)) -badarg = 1; +else +peerkey = *++argv; } else if (!strcmp(*argv, "-passin")) { if (--argc < 1) badarg = 1; @@ -191,23 +185,21 @@ int MAIN(int argc, char **argv) pkey_op = EVP_PKEY_OP_VERIFY; else if (!strcmp(*argv, "-verifyrecover")) pkey_op = EVP_PKEY_OP_VERIFYRECOVER; -else if (!strcmp(*argv, "-rev")) -rev = 1; else if (!strcmp(*argv, "-encrypt")) pkey_op = EVP_PKEY_OP_ENCRYPT; else if (!strcmp(*argv, "-decrypt")) pkey_op = EVP_PKEY_OP_DECRYPT; else if (!strcmp(*argv, "-derive")) pkey_op = EVP_PKEY_OP_DERIVE; +else if (!strcmp(*argv, "-r
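Review bot: the bio_to_mem hunk now distinguishes a BIO_read() error (`len < 0`: free and return -1) from end of input (`len == 0`: break), which is what lets an empty encrypt input or decrypt output through instead of being reported as a failure. For the blocking file/stdin BIOs the apps use this is right, but a negative return from a non-blocking BIO can also mean BIO_should_retry(), so a comment stating that the helper assumes blocking BIOs would prevent misuse.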
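Review bot: deferring `-inkey` and `-peerkey` into the `inkey`/`peerkey` variables (pkeyutl.c hunk at @@ -136) and collecting options into `pkeyopts` is what removes the old ordering constraint, where `-peerkey` given before `-inkey` called setup_peer() with a NULL ctx. Two things to check in the part of the patch not shown here: the `STACK_OF(OPENSSL_STRING) *pkeyopts` must be freed on every exit path, and the new `size_t buf_outlen = 0;` initialiser matters for the empty-output case in the title, so keep it if the variable is later reworked.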
[openssl-commits] [openssl] master update
The branch master has been updated via aea6116146ef462d11950ebf701e0f56a38b3d75 (commit) from d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6 (commit) - Log - commit aea6116146ef462d11950ebf701e0f56a38b3d75 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Jan 27 22:43:23 2016 -0500 Make it possible to check for explicit auxiliary trust By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: crypto/x509/x509_trs.c | 2 +- include/openssl/x509.h | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 72c8110..7392c55 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -285,7 +285,7 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags) { /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, 0); -if (x->ex_flags & EXFLAG_SS) +if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; else return X509_TRUST_UNTRUSTED; diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 477bff8..7581bb4 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h 
@@ -199,8 +199,9 @@ DEFINE_STACK_OF(X509_TRUST) # define X509_TRUST_MAX 8 /* trust_flags values */ -# define X509_TRUST_DYNAMIC 1 -# define X509_TRUST_DYNAMIC_NAME 2 +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +# define X509_TRUST_NO_SS_COMPAT (1U << 2) /* check_trust return codes */ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
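Review bot: X509_TRUST_NO_SS_COMPAT is added under the `/* trust_flags values */` comment next to X509_TRUST_DYNAMIC and X509_TRUST_DYNAMIC_NAME, but those describe the X509_TRUST table entry while the new bit is passed as the `flags` argument of the check function, as the trust_compat hunk shows; give it its own comment (for example `/* check_trust flags */`) so the two namespaces are not confused. Also parenthesise `(x->ex_flags & EXFLAG_SS)` in the new condition for readability, and add a line to the trust documentation saying the flag disables the implicit trust of self-signed store certificates.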
[openssl-commits] [openssl] master update
The branch master has been updated via bc8c34d74ad26dca410f919b928db534b846d65f (commit) from ced2c2c598e195175950a67756d426052d38c228 (commit) - Log - commit bc8c34d74ad26dca410f919b928db534b846d65f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Jan 29 16:38:21 2016 -0500 Fix invalid policy detection As a side-effect of opaque x509, ex_flags were looked up too early, before additional policy cache updates. Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: crypto/x509v3/pcy_tree.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 850d488..cac2d51 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -185,14 +185,18 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, for (i = n - 2; i >= 0; i--) { uint32_t ex_flags; x = sk_X509_value(certs, i); -ex_flags = X509_get_extension_flags(x); + +/* + * Note, this modifies x->ex_flags. If cache NULL something bad + * happened: return immediately + */ cache = policy_cache_set(x); -/* If cache NULL something bad happened: return immediately */ if (cache == NULL) return 0; /* * If inconsistent extensions keep a note of it but continue */ +ex_flags = X509_get_extension_flags(x); if (ex_flags & EXFLAG_INVALID_POLICY) ret = -1; /* _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
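Review bot: moving `X509_get_extension_flags(x)` after `policy_cache_set(x)` in the tree_init hunk is correct, since the new comment states that policy_cache_set() updates x->ex_flags and EXFLAG_INVALID_POLICY is set there. The same ordering trap exists for any other caller that reads ex_flags before the policy cache is built, so a regression test with a certificate carrying an inconsistent policy extension would make sure this sticks.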
[openssl-commits] [openssl] master update
The branch master has been updated via ea5e0c1caf4ea6731d09edf36a5ae57d6e60cd10 (commit) from 826e9e54460b30c8911f8ab28811f1961c9d63cd (commit) - Log - commit ea5e0c1caf4ea6731d09edf36a5ae57d6e60cd10 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Jan 29 17:23:03 2016 -0500 Make opt_imax visible in all apps Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/apps.h | 9 + apps/opt.c | 6 -- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index 99bcd50..b6e894d 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -138,6 +138,15 @@ # define openssl_fdset(a,b) FD_SET(a, b) # endif +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +int opt_imax(const char *value, intmax_t *result); +int opt_umax(const char *value, uintmax_t *result); +# else +# define opt_imax opt_long +# define opt_umax opt_ulong +# endif + int app_RAND_load_file(const char *file, int dont_warn); int app_RAND_write_file(const char *file); /* diff --git a/apps/opt.c b/apps/opt.c index 17ac474..14e05de 100644 --- a/apps/opt.c +++ b/apps/opt.c @@ -75,12 +75,6 @@ static const OPTIONS *unknown; static const OPTIONS *opts; static char prog[40]; -#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L || \ -!defined(INTMAX_MAX) && !defined(UINTMAX_MAX) -#define opt_imax opt_long -#define opt_umax opt_ulong -#endif - /* * Return the simple name of the program; removing various platform gunk. */ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
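Review bot: the condition moved into apps.h is not only relocated but corrected: the removed opt.c block tested `... || !defined(INTMAX_MAX) && !defined(UINTMAX_MAX)`, where `&&` binds tighter than `||`, so it only fell back to opt_long/opt_ulong when both macros were missing, whereas the new `# if defined(__STDC_VERSION__) && ... && defined(INTMAX_MAX) && defined(UINTMAX_MAX)` falls back when either is missing; say so in the commit message. The prototypes also use intmax_t/uintmax_t, so apps.h needs <stdint.h> (or <inttypes.h>) included before this point in the C99 branch.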
[openssl-commits] [openssl] master update
The branch master has been updated via 56087077d81e2b888f4cbe7f70b2077dc5add90d (commit) from 04b08fbc3d0db3f7c540df4f5f00d30fae27ef90 (commit) - Log - commit 56087077d81e2b888f4cbe7f70b2077dc5add90d Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Fri Jan 29 15:27:00 2016 -0500 Better type for x509 -checkend argument This is a time_t and can be zero or negative. So use 'M' (maximal signed int) not 'p' (positive int). Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/x509.c | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index 7a688a9..a8d0686 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -152,7 +152,7 @@ OPTIONS x509_options[] = { {"setalias", OPT_SETALIAS, 's', "Set certificate alias"}, {"days", OPT_DAYS, 'n', "How long till expiry of a signed certificate - def 30 days"}, -{"checkend", OPT_CHECKEND, 'p', +{"checkend", OPT_CHECKEND, 'M', "Check whether the cert expires in the next arg seconds"}, {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"}, {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"}, @@ -225,7 +225,8 @@ int x509_main(int argc, char **argv) int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0; int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0; int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; -int checkoffset = 0, enddate = 0; +int enddate = 0; +time_t checkoffset = 0; unsigned long nmflag = 0, certflag = 0; char nmflag_set = 0; OPTION_CHOICE o; @@ -466,8 +467,14 @@ int x509_main(int argc, char **argv) enddate = ++num; break; case OPT_CHECKEND: -checkoffset = atoi(opt_arg()); checkend = 1; +if (!opt_imax(opt_arg(), )) +goto opthelp; +if (checkoffset != (time_t)checkoffset) { +BIO_printf(bio_err, "%s: checkend time out of range %s\n", + prog, opt_arg()); +goto opthelp; +} break; case OPT_CHECKHOST: checkhost = opt_arg(); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
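Review bot: the OPT_CHECKEND hunk has a type and logic problem: `checkoffset` is now a `time_t`, but opt_imax() takes an `intmax_t *`, so passing a pointer to `checkoffset` is the wrong pointer type whenever the C99 prototype from apps.h is in use, and the range check `checkoffset != (time_t)checkoffset` compares a time_t with itself cast to time_t and can never be true. Parse into an `intmax_t temp`, assign `checkoffset = (time_t)temp`, and test `checkoffset != temp` for the out-of-range case.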
[openssl-commits] [openssl] master update
The branch master has been updated via 7eba4e62077484aebec010157424287f1963c88f (commit) from 3538c7da3d53dca70be5f507376299843046d2b7 (commit) - Log - commit 7eba4e62077484aebec010157424287f1963c88f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Jan 28 00:10:11 2016 -0500 Restore NUMPRIMES as a numeric literal This fixes clang compilation problem with size_t NUMPRIMES and int loop counters. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: Makefile.in | 6 +++--- crypto/bn/bn_prime.c | 2 -- crypto/bn/bn_prime.h | 5 - crypto/bn/bn_prime.pl | 3 ++- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/Makefile.in b/Makefile.in index 629141d..80d5f17 100644 --- a/Makefile.in +++ b/Makefile.in @@ -442,9 +442,9 @@ depend: update: generate errors ordinals depend generate: - (cd apps && $(MAKE) generate) - (cd crypto/bn && $(MAKE) generate) - (cd crypto/objects && $(MAKE) generate) + (cd apps && PERL='${PERL}' $(MAKE) generate) + (cd crypto/bn && PERL='${PERL}' $(MAKE) generate) + (cd crypto/objects && PERL='${PERL}' $(MAKE) generate) errors: $(PERL) util/ck_errf.pl -strict */*.c */*/*.c diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 8d1294f..a5887d9 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -121,8 +121,6 @@ */ #include "bn_prime.h" -#define NUMPRIMES OSSL_NELEM(primes) - static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index d1fbcd1..6f6949c 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h @@ -57,7 +57,10 @@ */ typedef unsigned short prime_t; -static const prime_t primes[] = { +# define NUMPRIMES 2048 + +static const prime_t primes[2048] = { + 2,3,5,7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index add6ffb..3a5f064 100644 --- a/crypto/bn/bn_prime.pl 
+++ b/crypto/bn/bn_prime.pl @@ -76,8 +76,9 @@ loop: while ($#primes < $num-1) { } print "typedef unsigned short prime_t;\n"; +printf "# define NUMPRIMES %d\n\n", $num; -print "static const prime_t primes[] = {"; +printf "static const prime_t primes[%d] = {\n", $num; for (my $i = 0; $i <= $#primes; $i++) { printf "\n" if ($i % 8) == 0; printf "%4d, ", $primes[$i]; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
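Review bot: the generator prints both `# define NUMPRIMES %d` and `primes[%d]` from `$num`, which keeps the checked-in header consistent, but emitting the array as `primes[NUMPRIMES]` would keep the header self-consistent even if one of the two numbers is later edited by hand (a count larger than the initializer silently zero-fills the tail). Also, the Makefile.in hunk that passes PERL='${PERL}' down to the sub-make `generate` targets is unrelated to the NUMPRIMES fix in the title and would be easier to bisect as its own commit.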
[openssl-commits] [openssl] master update
The branch master has been updated via 35ade23b02a02b5514941586030016b67ac0934e (commit) from 987157f6f63fa70dbeffca3c8bc62f26e9767ff2 (commit) - Log - commit 35ade23b02a02b5514941586030016b67ac0934e Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Thu Jan 28 19:04:49 2016 -0500 Keep RC5 bit shifts in [0..31] Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/rc5/rc5_locl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_locl.h index 990..6b34f92 100644 --- a/crypto/rc5/rc5_locl.h +++ b/crypto/rc5/rc5_locl.h @@ -170,10 +170,10 @@ # endif #endif #ifndef ROTATE_l32 -# define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0x)>>(32-(n&0x1f +# define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0x)>>((32-n)&0x1f))) #endif #ifndef ROTATE_r32 -# define ROTATE_r32(a,n) (((a)<<(32-(n&0x1f)))|(((a)&0x)>>(n&0x1f))) +# define ROTATE_r32(a,n) (((a)<<((32-n)&0x1f))|(((a)&0x)>>(n&0x1f))) #endif #define RC5_32_MASK 0xL _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
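Review bot: the ROTATE_l32/ROTATE_r32 fix is right: with `(32-(n&0x1f))` a rotation by a multiple of 32 produced a shift by 32, which is undefined for a 32-bit operand, while `((32-n)&0x1f)` yields 0 there and the macro reduces to `a | a`. However `n` is now used unparenthesised in `(32-n)`, so an argument such as `x+1` expands to `32-x+1`; write `((32-(n))&0x1f)` to keep the macro safe for expression arguments.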
[openssl-commits] [openssl] master update
The branch master has been updated via 109f8b5dec6aa3f46c1df79c8d5f8e8aba10474b (commit) from b4f35e5e07afa2df7125b814b45242648b33e39e (commit) - Log - commit 109f8b5dec6aa3f46c1df79c8d5f8e8aba10474b Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Wed Jan 27 21:54:09 2016 -0500 Comment side-effect only calls of X509_check_purpose Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/cms/cms_sd.c | 1 + crypto/ts/ts_rsp_sign.c | 1 + crypto/x509/x509_trs.c | 1 + crypto/x509v3/pcy_tree.c | 1 - crypto/x509v3/v3_purp.c | 5 + 5 files changed, 8 insertions(+), 1 deletion(-) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 444af0b..288db48 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -280,6 +280,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si = M_ASN1_new_of(CMS_SignerInfo); if (!si) goto merr; +/* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(signer, -1, -1); CRYPTO_add(>references, 1, CRYPTO_LOCK_EVP_PKEY); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index e85c4b4..0ad6f10 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -793,6 +793,7 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) GENERAL_NAME *name = NULL; unsigned char cert_sha1[SHA_DIGEST_LENGTH]; +/* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 58e7d54..72c8110 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -283,6 +283,7 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) static int trust_compat(X509_TRUST *trust, X509 *x, int flags) { +/* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, 0); if (x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; 
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 6cf6f4e..850d488 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -186,7 +186,6 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, uint32_t ex_flags; x = sk_X509_value(certs, i); ex_flags = X509_get_extension_flags(x); -X509_check_purpose(x, -1, -1); cache = policy_cache_set(x); /* If cache NULL something bad happened: return immediately */ if (cache == NULL) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 2d5a29f..e5231b3 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -132,6 +132,7 @@ int X509_check_purpose(X509 *x, int id, int ca) x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); } +/* Return if side-effect only call */ if (id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); @@ -850,12 +851,14 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) uint32_t X509_get_extension_flags(X509 *x) { +/* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); return x->ex_flags; } uint32_t X509_get_key_usage(X509 *x) { +/* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); if (x->ex_flags & EXFLAG_KUSAGE) return x->ex_kusage; @@ -864,6 +867,7 @@ uint32_t X509_get_key_usage(X509 *x) uint32_t X509_get_extended_key_usage(X509 *x) { +/* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); if (x->ex_flags & EXFLAG_XKUSAGE) return x->ex_xkusage; @@ -872,6 +876,7 @@ uint32_t X509_get_extended_key_usage(X509 *x) const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) { +/* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); return x->skid; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
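Review bot: the comments make the intent clear, and dropping the explicit `X509_check_purpose(x, -1, -1)` from tree_init is safe because the preceding `X509_get_extension_flags(x)` makes the same call (per the v3_purp.c hunk). One inconsistency: the side-effect-only calls pass `ca` as -1 in cms_sd.c and as 0 in ts_rsp_sign.c and x509_trs.c; since X509_check_purpose() returns before looking at `ca` when `id == -1`, either say so in the "Return if side-effect only call" comment or normalise the callers to one form.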
[openssl-commits] [openssl] master update
The branch master has been updated via f006217bb628d05a2d5b866ff252bd94e3477e1f (commit) from 349807608f31b20af01a342d0072bb92e0b036e2 (commit) - Log - commit f006217bb628d05a2d5b866ff252bd94e3477e1f Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Jan 26 16:52:26 2016 -0500 Fix Custom Extension tests skip count Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: test/recipes/80-test_ssl.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/recipes/80-test_ssl.t b/test/recipes/80-test_ssl.t index d0bb79a..bcac431 100644 --- a/test/recipes/80-test_ssl.t +++ b/test/recipes/80-test_ssl.t @@ -560,7 +560,7 @@ sub testssl { plan tests => 1; SKIP: { - skip "TLSv1.0 is not supported by this OpenSSL build", 7 + skip "TLSv1.0 is not supported by this OpenSSL build", 1 if $no_tls1; ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])), _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 6e32825631bea414c3fc70d16bbb413dac221722 (commit) from bd5192b1013b68373c47bdca8d68229906171695 (commit) - Log - commit 6e32825631bea414c3fc70d16bbb413dac221722 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Sun Jan 17 16:50:52 2016 -0500 Check Suite-B constraints with EE DANE records When DANE-EE(3) matches or either of DANE-EE/PKIX-EE fails, we don't build a chain at all, but rather succeed or fail with just the leaf certificate. In either case also check for Suite-B violations. As unlikely as it may seem that anyone would enable both DANE and Suite-B, we should do what the application asks. Took the opportunity to eliminate the "cb" variables in x509_vfy.c, just call ctx->verify_cb(ok, ctx) Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: crypto/x509/x509_cmp.c | 19 + crypto/x509/x509_vfy.c | 55 -- 2 files changed, 46 insertions(+), 28 deletions(-) diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 2521e77..2641d2e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -398,11 +398,12 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags) { int rv, i, sign_nid; -EVP_PKEY *pk = NULL; -unsigned long tflags; +EVP_PKEY *pk; +unsigned long tflags = flags; + if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) return X509_V_OK; -tflags = flags; + /* If no EE certificate passed in must be first in chain */ if (x == NULL) { x = sk_X509_value(chain, 0); 
@@ -410,6 +411,17 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, } else i = 0; +pk = X509_get0_pubkey(x); + +/* + * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build + * a chain all, just report trust success or failure, but must also report + * Suite-B errors if applicable. This is indicated via a NULL chain + * pointer. All we need to do is check the leaf key algorithm. + */ +if (chain == NULL) +return check_suite_b(pk, -1, ); + if (X509_get_version(x) != 2) { rv = X509_V_ERR_SUITE_B_INVALID_VERSION; /* Correct error depth */ @@ -417,7 +429,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, goto end; } -pk = X509_get0_pubkey(x); /* Check EE key only */ rv = check_suite_b(pk, -1, ); if (rv != X509_V_OK) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index ec9c321..c9dd6fa 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -193,7 +193,6 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) static int verify_chain(X509_STORE_CTX *ctx) { -int (*cb) (int xok, X509_STORE_CTX *xctx) = ctx->verify_cb; int err; int ok; @@ -214,7 +213,7 @@ static int verify_chain(X509_STORE_CTX *ctx) if (err != X509_V_OK) { ctx->error = err; ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); -if ((ok = cb(0, ctx)) == 0) +if ((ok = ctx->verify_cb(0, ctx)) == 0) return ok; } @@ -373,11 +372,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) { int i, ok = 0, must_be_ca, plen = 0; X509 *x; -int (*cb) (int xok, X509_STORE_CTX *xctx); int proxy_path_length = 0; int purpose; int allow_proxy_certs; -cb = ctx->verify_cb; /*- * must_be_ca can have 1 of 3 values: @@ -415,7 +412,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; ctx->error_depth = i; ctx->current_cert = x; -ok = cb(0, ctx); +ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } 
@@ -423,7 +420,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; ctx->error_depth = i; ctx->current_cert = x; -ok = cb(0, ctx); +ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -457,7 +454,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) if (ret == 0) { ctx->error_depth = i; ctx->current_cert = x; -ok = cb(0, ctx); +ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -469,7 +466,7 @@ static int check_chain_extensions(X509_STORE_CTX *
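Review bot: in the x509_cmp.c hunk, the new `if (chain == NULL) return check_suite_b(pk, -1, ...);` returns directly instead of taking the `goto end` path the other error cases use, so whatever error-depth bookkeeping happens at `end` (the other branches carry a "Correct error depth" comment) is skipped on this path and `*perror_depth` is left untouched; either set the depth before returning or document that callers passing a NULL chain must set it themselves. Note also that the third argument of both `check_suite_b(pk, -1, )` calls is lost in this rendering of the mail, so the hunk should be read from the repository rather than from this message.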
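Review bot: in the x509_vfy.c hunks, replacing the local `cb` copy with direct `ctx->verify_cb(0, ctx)` calls is behaviour-preserving only if nothing changes `ctx->verify_cb` while verify_chain or check_chain_extensions is running; the local copy previously pinned the callback for the duration of the call. If that invariant is intended, a short comment on the `verify_cb` member saying it must not be changed during verification would close the question.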
[openssl-commits] [openssl] master update
The branch master has been updated
via feb2f53edc7e9b96cfe9c0ab611461edabdd2b34 (commit)
via 0996dc5440cc233f029129182bbb6e3d4613045a (commit)
via 6e8beabcd4b9450a3a7358bf5668b2bc70580517 (commit)
via 3342dcea7a633e579e1971dfd16ff3fc14dc3936 (commit)
via 3d6e91c68051ab94400cf4281f95ffef29a7a4a3 (commit)
via 8478351737d7edac0f82dd4fc7f2caff994ce93d (commit)
from 6e32825631bea414c3fc70d16bbb413dac221722 (commit)

- Log -

commit feb2f53edc7e9b96cfe9c0ab611461edabdd2b34
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date: Sat Jan 16 01:15:02 2016 -0500

Multiple -trusted/-untrusted/-CRLfile options in verify

It is sometimes useful (especially in automated tests) to supply multiple trusted or untrusted certificates via separate files rather than have to prepare a single file containing them all. To that end, change verify(1) to accept these options zero or more times. Also automatically set -no-CAfile and -no-CApath when -trusted is specified.

Improve verify(1) documentation, which could still use some work.

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 0996dc5440cc233f029129182bbb6e3d4613045a
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date: Sat Jan 16 00:08:38 2016 -0500

Refactor apps load_certs/load_crls to work incrementally

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 6e8beabcd4b9450a3a7358bf5668b2bc70580517
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date: Thu Jan 14 18:10:27 2016 -0500

More X509_verify_cert() tests via verify(1).

Still need tests for trusted-first and tests that probe construction of alternate chains.

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 3342dcea7a633e579e1971dfd16ff3fc14dc3936
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date: Fri Jan 15 03:49:11 2016 -0500

Reject when explicit trust EKU are set and none match.

Returning untrusted is enough for full chains that end in self-signed roots, because when explicit trust is specified it suppresses the default blanket trust of self-signed objects. But for partial chains, this is not enough, because absent a similar trust-self-signed policy, non-matching EKUs are indistinguishable from lack of EKU constraints. Therefore, failure to match any trusted purpose must trigger an explicit reject.

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 3d6e91c68051ab94400cf4281f95ffef29a7a4a3
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date: Fri Jan 15 16:12:42 2016 -0500

Commit pre-generated test_verify certs

These can be re-generated via:

    cd test/certs; ./setup.sh

if need be. The keys are all RSA 2048-bit keys, but it is possible to change that via environment variables.

    cd test/certs
    rm -f *-key.pem *-key2.pem
    OPENSSL_KEYALG=rsa OPENSSL_KEYBITS=3072 ./setup.sh

    cd test/certs
    rm -f *-key.pem *-key2.pem
    OPENSSL_KEYALG=ecdsa OPENSSL_KEYBITS=secp384r1 ./setup.sh

    ...

Keys are re-used if already present, so the environment variables are only used when generating any keys that are missing. Hence the "rm -f"

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 8478351737d7edac0f82dd4fc7f2caff994ce93d
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date: Fri Jan 15 03:48:27 2016 -0500

Scripts to generate verify test certs

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
apps/apps.c | 30
apps/apps.h | 10 +--
apps/cms.c | 4 +-
apps/ocsp.c | 15 ++--
apps/pkcs12.c | 13 +---
apps/s_cb.c | 5 +-
apps/s_client.c | 5 +-
apps/s_server.c | 10 +--
apps/smime.c | 4 +-
apps/verify.c | 41 --
crypto/x509/x509_trs.c | 15
doc/apps/verify.pod | 110 ++-
test/certs/ca+clientAuth.pem | 18 +
test/certs/ca+serverAuth.pem | 18 +
test/certs/ca-cert.pem | 18 +
test/certs/ca-cert2.pem | 18 +
test/certs/ca-expired.pem | 18 +
test/certs/ca-key.pem | 28 +++
test/certs/ca-key2.pem | 28 +++
test/certs/ca-name2.pem | 18 +
test/certs/ca-nonca.pem | 19 +
test/certs/ca-root2.pem | 18 +
test/certs/ca-serverAuth.pem | 18 +
test/certs/ee+clientAuth.pem | 20 +
test/certs/ee+se
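The trust decision that the "Reject when explicit trust EKU are set and none match" commit message reasons about, as an added example that is not OpenSSL's code: a stand-alone C model in which `check_trust` classifies one trust-store certificate as trusted, untrusted or rejected for a requested purpose, and `chain_accepted` applies the full-chain versus partial-chain rule on top of that answer. The function names, the `purpose` enum standing in for EKU OIDs, the constructed trust-store entries, and the `strict` switch (false = the earlier "return untrusted", true = the fixed "explicit reject") are all assumptions of this model; the three outcomes mirror the message's trusted/untrusted/rejected vocabulary, and the partial-chain rule is modelled as "a trust-store match that is merely untrusted is still accepted when partial chains are allowed", which is the behaviour the message says makes untrusted too weak an answer.

```c
/*
 * Added example, not OpenSSL code: a self-contained model of the trust
 * decision described in the commit message. Purposes stand in for EKU OIDs,
 * the three outcomes mirror the trusted/untrusted/rejected vocabulary, and
 * the partial-chain rule models the "accept any trust-store match" policy.
 * All inputs below are constructed for illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum trust { TRUST_UNTRUSTED, TRUST_TRUSTED, TRUST_REJECTED };
enum purpose { PURPOSE_SERVER_AUTH = 1, PURPOSE_CLIENT_AUTH = 2, PURPOSE_ANY = 99 };

/* The subset of trust-store certificate state the decision depends on. */
struct cert {
    bool self_signed;
    const enum purpose *trust_ekus;   /* explicit trusted uses, NULL if none */
    size_t n_trust_ekus;
    const enum purpose *reject_ekus;  /* explicit rejected uses, NULL if none */
    size_t n_reject_ekus;
};

static bool lists_purpose(const enum purpose *list, size_t n, enum purpose want)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (list[i] == want || list[i] == PURPOSE_ANY)
            return true;
    return false;
}

/*
 * Classify one trust-store certificate for the requested purpose.
 * 'strict' selects the fixed behaviour: explicit trust EKUs present and none
 * matching yields REJECTED rather than UNTRUSTED.
 */
static enum trust check_trust(const struct cert *c, enum purpose want, bool strict)
{
    if (lists_purpose(c->reject_ekus, c->n_reject_ekus, want))
        return TRUST_REJECTED;
    if (c->n_trust_ekus > 0) {
        if (lists_purpose(c->trust_ekus, c->n_trust_ekus, want))
            return TRUST_TRUSTED;
        /* Explicit trust settings exist but none cover this purpose; their
         * presence also suppresses the default trust of self-signed certs. */
        return strict ? TRUST_REJECTED : TRUST_UNTRUSTED;
    }
    /* No explicit settings: compat rule, a self-signed cert is trusted. */
    return c->self_signed ? TRUST_TRUSTED : TRUST_UNTRUSTED;
}

/*
 * Chain acceptance when 'anchor' is the trust-store certificate that ends the
 * chain. With partial chains enabled, a trust-store match that is merely
 * UNTRUSTED is still accepted, which is exactly why UNTRUSTED is not a strong
 * enough answer for non-matching explicit EKUs.
 */
static bool chain_accepted(const struct cert *anchor, enum purpose want,
                           bool partial, bool strict)
{
    switch (check_trust(anchor, want, strict)) {
    case TRUST_TRUSTED:  return true;
    case TRUST_REJECTED: return false;
    default:             return partial;
    }
}

/* Constructed trust-store entries for the scenarios below. */
static const enum purpose client_only[] = { PURPOSE_CLIENT_AUTH };
static const struct cert client_ca   = { false, client_only, 1, NULL, 0 }; /* intermediate */
static const struct cert client_root = { true,  client_only, 1, NULL, 0 }; /* self-signed */
static const struct cert plain_root  = { true,  NULL, 0, NULL, 0 };

/* Partial chain ending in an intermediate trusted only for clientAuth,
 * verified for serverAuth: accepted before the fix, rejected after it. */
bool partial_chain_before_fix(void) { return chain_accepted(&client_ca, PURPOSE_SERVER_AUTH, true, false); }
bool partial_chain_after_fix(void)  { return chain_accepted(&client_ca, PURPOSE_SERVER_AUTH, true, true); }

/* Full chain ending in a self-signed root with the same setting: UNTRUSTED
 * was already enough there, so both behaviours fail the chain. */
bool full_chain_before_fix(void) { return chain_accepted(&client_root, PURPOSE_SERVER_AUTH, false, false); }
bool full_chain_after_fix(void)  { return chain_accepted(&client_root, PURPOSE_SERVER_AUTH, false, true); }

/* A root without explicit settings keeps its default trust either way. */
bool plain_root_after_fix(void) { return chain_accepted(&plain_root, PURPOSE_SERVER_AUTH, false, true); }

int main(void)
{
    printf("partial chain, clientAuth-only intermediate, serverAuth: before=%d after=%d\n",
           partial_chain_before_fix(), partial_chain_after_fix());
    printf("full chain, clientAuth-only root, serverAuth: before=%d after=%d\n",
           full_chain_before_fix(), full_chain_after_fix());
    printf("full chain, plain root, serverAuth: after=%d\n", plain_root_after_fix());
    return 0;
}
```

The first scenario is the one the message calls out: with partial chains allowed, an intermediate that the trust store marks for clientAuth only would still anchor a serverAuth chain under the "untrusted" answer, and only the explicit reject closes that gap; the second scenario shows why the full-chain case never needed the change.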
[openssl-commits] [openssl] master update
The branch master has been updated via 928623825cc59e272e2031cd3f07c5b7bbd605d4 (commit) from 293b5ca47767005e0341b450eef82633f48359f3 (commit) - Log - commit 928623825cc59e272e2031cd3f07c5b7bbd605d4 Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Tue Jan 19 12:42:31 2016 -0500 API compat for SSLeay_add_ssl_algorithms Reviewed-by: Dr. Stephen Henson <st...@openssl.org> --- Summary of changes: include/openssl/ssl.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 53ee655..3152348 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1031,6 +1031,9 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_CLIENT_ONCE 0x04 # define OpenSSL_add_ssl_algorithms()SSL_library_init() +# if OPENSSL_API_COMPAT < 0x1010L +# define SSLeay_add_ssl_algorithms()SSL_library_init() +# endif /* More backward compatibility */ # define SSL_get_cipher(s) \ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
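Review bot: the guard `# if OPENSSL_API_COMPAT < 0x1010L` should be checked against the value format the other `OPENSSL_API_COMPAT` comparisons in the headers use; OpenSSL version numbers take the `0x10100000L` form, and with that form a caller requesting 1.0.0 compatibility via `0x10000000L` compares greater than `0x1010L`, which would drop the `SSLeay_add_ssl_algorithms` alias that such a caller is precisely asking to keep. Separately, the summary shows only ssl.h changed, so the reinstated alias has no CHANGES or documentation entry; a line noting that it is retained only under the compat level would help.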